[SERVER-40563] Our init scripts' /proc/[pid]/stat check should validate that `(${procname})` is the process' command name. Created: 10/Apr/19  Updated: 29/Oct/23  Resolved: 31/May/19

Status: Closed
Project: Core Server
Component/s: Packaging
Affects Version/s: None
Fix Version/s: 3.4.22, 3.6.14, 4.0.11, 4.1.14

Type: Improvement Priority: Major - P3
Reporter: Mathew Robinson (Inactive) Assignee: Mathew Robinson (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Backport Requested:
v4.0, v3.6, v3.4
Sprint: Security 2019-04-22, Security 2019-05-06, Dev Tools 2019-06-03

Description

CVE-2019-2389

Description
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.

Credit
Sicheng Liu of Beijing DBSEC Technology Co., Ltd
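As an added example (not MongoDB's packaged init script, whose code does not appear on this page), the unchecked stop pattern the advisory describes, beside a hardened stop that validates the PID file contents against `/proc/<pid>/stat` before signalling anything. The function names and the `proc_root` parameter are assumptions introduced so the check can be exercised against a constructed fake `/proc` tree; a real init script would simply use `/proc`.

```shell
#!/bin/sh
# Added example, not MongoDB's init script. Shows the unchecked stop pattern
# behind CVE-2019-2389 next to a stop that validates the PID file contents
# against /proc/<pid>/stat before signalling anything.
# proc_root is an assumed parameter (default /proc) so the check can be run
# against a constructed fake /proc tree; init scripts would just use /proc.

# Extract the command name from one /proc/<pid>/stat line.
# Layout is "<pid> (<comm>) <state> <ppid> ...". comm is not escaped and may
# itself contain spaces or ')', so take the text between the first '(' and
# the LAST ')' rather than splitting on whitespace.
stat_comm() {
    line=$1
    rest=${line#*\(}              # strip through the first '('
    printf '%s\n' "${rest%\)*}"   # strip from the last ')' onward
}

# Succeed only if $1 is a plain decimal PID, exists under $3 (default /proc),
# and its comm is exactly $2.
pid_is_procname() {
    pid=$1; procname=$2; proc_root=${3:-/proc}
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;  # empty, "1 4242", "-1", "4242; ..." all rejected
    esac
    [ -r "$proc_root/$pid/stat" ] || return 1
    IFS= read -r line < "$proc_root/$pid/stat" || return 1
    [ "$(stat_comm "$line")" = "$procname" ]
}

# Read the PID file and print the PID only if it passes pid_is_procname.
pidfile_target() {
    pidfile=$1; procname=$2; proc_root=${3:-/proc}
    pid=$(cat "$pidfile" 2>/dev/null) || return 1
    pid_is_procname "$pid" "$procname" "$proc_root" || return 1
    printf '%s\n' "$pid"
}

# Vulnerable pattern: root signals whatever the (service-user-writable) PID
# file says. The unquoted $pid also lets "1 4242" fan out to several processes.
stop_unchecked() {
    pidfile=$1
    pid=$(cat "$pidfile")
    kill $pid
}

# Hardened pattern: refuse unless the PID really names a running $procname.
stop_checked() {
    pidfile=$1; procname=$2; proc_root=${3:-/proc}
    pid=$(pidfile_target "$pidfile" "$procname" "$proc_root") || {
        echo "refusing to signal contents of $pidfile: not a running $procname" >&2
        return 1
    }
    kill -TERM "$pid"
}
```

Two caveats a practitioner should keep in mind. The kernel's comm field is at most 15 bytes and a process can set its own via `prctl(PR_SET_NAME)` or by writing `/proc/self/comm`, so this check stops an attacker from pointing root's `kill` at unrelated processes, not from naming a process they already own "mongod" (which they could signal themselves anyway). The PID can also be recycled between the check and the `kill`; comparing the `Uid:` line of `/proc/<pid>/status` against the service account, or letting the service manager track the main PID instead of trusting a writable file, tightens it further.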

Comments
Comment by Githook User [ 07/Jun/19 ]

Author:

{'name': 'Mathew Robinson', 'email': 'chasinglogic@gmail.com', 'username': 'chasinglogic'}

Message: SERVER-40563 validate that `(${procname})` is the process' command name.

(cherry picked from commit 443e8974d66a3ddd2ad89f8b3f9c2ebb7d8d9500)
Branch: v3.4
https://github.com/mongodb/mongo/commit/e78eb1b7172aa23a7ce26bf01ccd2e8a61e31076

Comment by Githook User [ 07/Jun/19 ]

Author:

{'name': 'Mathew Robinson', 'email': 'chasinglogic@gmail.com', 'username': 'chasinglogic'}

Message: SERVER-40563 validate that `(${procname})` is the process' command name.

(cherry picked from commit 443e8974d66a3ddd2ad89f8b3f9c2ebb7d8d9500)
Branch: v3.6
https://github.com/mongodb/mongo/commit/c1d1565780fa3c7fc18b591b3f1e8e0e52f3519f

Comment by Githook User [ 07/Jun/19 ]

Author:

{'name': 'Mathew Robinson', 'email': 'chasinglogic@gmail.com', 'username': 'chasinglogic'}

Message: SERVER-40563 validate that `(${procname})` is the process' command name.

(cherry picked from commit 443e8974d66a3ddd2ad89f8b3f9c2ebb7d8d9500)
Branch: v4.0
https://github.com/mongodb/mongo/commit/714895ea484019cf65380b94ad328e790a25e7fc

Comment by Githook User [ 31/May/19 ]

Author:

{'name': 'Mathew Robinson', 'email': 'chasinglogic@gmail.com', 'username': 'chasinglogic'}

Message: SERVER-40563 validate that `(${procname})` is the process' command name.
Branch: master
https://github.com/mongodb/mongo/commit/443e8974d66a3ddd2ad89f8b3f9c2ebb7d8d9500

Generated at Thu Feb 08 04:55:21 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.