FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
273c6c43-e3ad-11e9-8af7-08002720423d	mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name. Sicheng Liu of Beijing DBSEC Technology Co., Ltd reports: Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. Discovery 2019-08-06 Entry 2019-09-30 mongodb34 < 3.4.22 mongodb36 < 3.6.14 mongodb40 < 4.0.11 CVE-2019-2389 https://jira.mongodb.org/browse/SERVER-40563

VuXML ID

Description

273c6c43-e3ad-11e9-8af7-08002720423d

mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name.

Sicheng Liu of Beijing DBSEC Technology Co., Ltd reports:

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init.

Discovery 2019-08-06
Entry 2019-09-30
mongodb34

< 3.4.22

mongodb36

< 3.6.14

mongodb40

< 4.0.11

CVE-2019-2389
https://jira.mongodb.org/browse/SERVER-40563