Candidate: CVE-2014-3971
PublicDate: 2014-12-25 11:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3971
 https://jira.mongodb.org/browse/SERVER-13753
 https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b
Description:
 The CmdAuthenticate::_authenticateX509 function in
 db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before
 2.6.2 allows remote attackers to cause a denial of service (daemon crash)
 by attempting authentication with an invalid X.509 client certificate.
Ubuntu-Description:
Notes:
 mdeslaur> 2.6+ only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mongodb:
upstream_mongodb: released (2.6.2)
lucid_mongodb: not-affected (1:1.2.2-1ubuntu1.1)
precise_mongodb: not-affected (1:2.0.4-1ubuntu2.1)
trusty_mongodb: not-affected (1:2.4.9-1ubuntu2)
trusty/esm_mongodb: not-affected (1:2.4.9-1ubuntu2)
utopic_mongodb: not-affected (1:2.6.3-0ubuntu5)
devel_mongodb: not-affected (1:2.6.3-0ubuntu5)