Summary: | <dev-db/mongodb-{2.4.5,2.5.1}: Privilege escalation for authenticated users by leveraging a username of __system in an arbitrary database (CVE-2013-4650) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | bugs, proxy-maint, ultrabug |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=981303 | ||
Whiteboard: | ~1 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-07-04 14:52:43 UTC
04 Jul 2013; Ultrabug <ultrabug@gentoo.org> -mongodb-2.4.4.ebuild: drop CVE affected ebuilds wrt #475750 *mongodb-2.4.5 (04 Jul 2013) 04 Jul 2013; Ultrabug <ultrabug@gentoo.org> -mongodb-2.4.5_rc0.ebuild, +mongodb-2.4.5.ebuild: version bump, drop old thx ago, the tree is clean and no stable candidate exists We're done here, then. CVE-2013-4650 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4650): MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. |