Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MONGODB_3_2_8.NASL
HistoryFeb 15, 2019 - 12:00 a.m.

MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod

2019-02-1500:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
335
JSON

The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.

  • A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)

  • A denial of service (DoS) vulnerability exist in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)

  • A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)

  • A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability.
    (CVE-2015-2705)

  • A breach of data integrity vulnerability exists in the WiredTiger storage engine. An authenticated remote attacker can exploit this by issuing an admin command to write statistic logs to a specific file and may compromise data integrity. (CVE-2017-12926)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(122243);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/20");

  script_cve_id(
    "CVE-2014-2917",
    "CVE-2014-3971",
    "CVE-2014-8964",
    "CVE-2015-2705",
    "CVE-2017-12926"
  );
  script_bugtraq_id(71206);

  script_name(english:"MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by a vulnerability that may
result in a denial of service or in the compromise of the server
memory integrity.");
  script_set_attribute(attribute:"description", value:
"The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

  - A credentials disclosure vulnerability exists in the
    PEMKeyPassword, clusterPassword and Windows servicePassword. An
    unauthenticated local attacker can exploit this to get access 
    to user credentials. (CVE-2014-2917)

  - A denial of service (DoS) vulnerability exist in the
    CmdAuthenticate::_authenticateX509 function in
    db/commands/authentication_commands.cpp in mongod. An
    unauthenticated remote attacker can exploit this to cause a denial
    of service (daemon crash) by attempting authentication with an
    invalid X.509 client certificate. (CVE-2014-3971)

  - A heap-based buffer overflow condition exists in PCRE. An 
    unauthenticated remote attacker can exploit this via a crafted
    regular expression, related to an assertion that allows zero
    repeats to cause a denial of service or to cause other unspecified
    impact. (CVE-2014-8964)

  - A DoS vulnerability exists due to failure to check for missing
    values. An authenticated remote attacker can exploit this to
    cause the application to crash. The attacker needs write access
    to a database to be able to exploit this vulnerability.
    (CVE-2015-2705)

  - A breach of data integrity vulnerability exists in the WiredTiger
    storage engine. An authenticated remote attacker can exploit this
    by issuing an admin command to write statistic logs to a specific
    file and may compromise data integrity. (CVE-2017-12926)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://jira.mongodb.org/browse/SERVER-13644");
  script_set_attribute(attribute:"see_also", value:"https://jira.mongodb.org/browse/SERVER-13753");
  script_set_attribute(attribute:"see_also", value:"https://jira.mongodb.org/browse/SERVER-17252");
  script_set_attribute(attribute:"see_also", value:"https://jira.mongodb.org/browse/SERVER-17521");
  script_set_attribute(attribute:"see_also", value:"https://jira.mongodb.org/browse/WT-2711");
  script_set_attribute(attribute:"see_also", value:"https://www.mongodb.com/alerts");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12926");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mongodb:mongodb");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mongodb_detect.nasl");
  script_require_keys("Services/mongodb");

  exit(0);
}

include('vcf.inc');

var app = 'MongoDB';
var port = get_service(svc:'mongodb', default:27017, exit_on_fail:TRUE);
var kbVer = 'mongodb/' + port + '/Version';

var kb = strcat('mongodb/', port, '/Managed');
if (get_kb_item(kb)) var kb_backport = kb;

var app_info = vcf::get_app_info(app:app, kb_ver:kbVer, kb_backport:kb_backport, port: port);

var constraints = [
  { 'min_version' : '2.6.0', 'fixed_version' : '2.6.9' },
  { 'min_version' : '3.0.0', 'fixed_version' : '3.0.14' },
  { 'min_version' : '3.2.0', 'fixed_version' : '3.2.8' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
mongodbmongodbcpe:/a:mongodb:mongodb

Related

n0where 1
kitploit 1
nessus 23
fedora 7
prion 2
cve 2
openvas 23
archlinux 3
redhat 1
debiancve 2
securityvulns 3
amazon 1
oraclelinux 1
mariadbunix 1
centos 1
mageia 1
ubuntucve 2
ubuntu 1
suse 4
gentoo 1
n0where
n0where
MongoDB Security Audit: mongoaudit
2017-02-16 06:05:56
kitploit
kitploit
mongoaudit - A Powerful MongoDB Auditing and Pentesting Tool
2017-02-22 14:04:00
nessus
nessus
Fedora 19 : pcre-8.32-12.fc19 (2014-16224)
2014-12-22 00:00:00
Mandriva Linux Security Advisory : pcre (MDVSA-2015:002)
2015-01-06 00:00:00
Fedora 21 : mingw-pcre-8.35-1.fc21 (2014-17642)
2015-01-06 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mingw-pcre-8.33-4.fc19
2015-01-05 07:40:08
[SECURITY] Fedora 19 Update: pcre-8.32-12.fc19
2014-12-19 18:27:20
[SECURITY] Fedora 20 Update: mingw-pcre-8.33-4.fc20
2015-01-05 07:33:53
prion
prion
Heap overflow
2014-12-16 18:59:00
Authentication flaw
2014-12-25 11:59:00
cve
cve
CVE-2014-8964
2014-12-16 18:59:00
CVE-2014-3971
2014-12-25 11:59:00
openvas
openvas
Fedora Update for mingw-pcre FEDORA-2014-17624
2015-01-05 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-528)
2015-09-08 00:00:00
Oracle: Security Advisory (ELSA-2015-0330)
2015-10-06 00:00:00
archlinux
archlinux
pcre: heap buffer overflow
2014-11-26 00:00:00
mariadb-clients: denial of service
2015-05-08 00:00:00
mariadb: denial of service
2015-05-08 00:00:00
redhat
redhat
(RHSA-2015:0330) Low: pcre security and enhancement update
2015-03-05 00:00:00
debiancve
debiancve
CVE-2014-8964
2014-12-16 18:59:00
CVE-2014-3971
2014-12-25 11:59:00
securityvulns
securityvulns
[ MDVSA-2015:002 ] pcre
2015-01-13 00:00:00
PCRE buffer overflow
2015-01-13 00:00:00
[USN-2694-1] PCRE vulnerabilities
2015-08-02 00:00:00
amazon
amazon
Low: pcre
2015-05-27 14:03:00
oraclelinux
oraclelinux
pcre security and enhancement update
2015-03-09 00:00:00
mariadbunix
mariadbunix
CVE-2014-8964
2014-12-16 18:59:00
centos
centos
pcre security update
2015-03-17 13:29:30
mageia
mageia
Updated pcre packages fix security vulnerability
2014-12-19 18:06:35
ubuntucve
ubuntucve
CVE-2014-8964
2014-12-16 00:00:00
CVE-2014-3971
2014-12-25 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2015-07-29 00:00:00
suse
suse
Security update for mariadb (important)
2015-07-21 16:08:23
Security update for MariaDB (important)
2015-07-09 17:08:05
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
gentoo
gentoo
libpcre: Multiple Vulnerabilities
2016-07-09 00:00:00
JSON
Related for MONGODB_3_2_8.NASL
n0where1kitploit1nessus23fedora7prion2cve2openvas23archlinux3redhat1debiancve2securityvulns3amazon1oraclelinux1mariadbunix1centos1mageia1ubuntucve2ubuntu1suse4gentoo1