MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod
High Nessus Plugin ID 122243
SynopsisThe remote database server is affected by a vulnerability that may result in a denial of service or in the compromise of the server memory integrity.
DescriptionThe version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.
- A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)
- A denial of service (DoS) vulnerability exist in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)
- A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)
- A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability.
- A breach of data integrity vulnerability exists in the WiredTiger storage engine. An authenticated remote attacker can exploit this by issuing an admin command to write statistic logs to a specific file and may compromise data integrity. (CVE-2017-12926)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.