Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Critical - P2
Fix Version/s: 2.6.0-rc0
Affects Version/s: None
Component/s: Packaging, Security
Labels:
None
Environment:
Debian Testing

Backwards Compatibility:
Fully Compatible
Operating System:
Linux
Sprint:
Security [00-02-20-15]

The default install of mongodb from the repo:
http://downloads-distro.mongodb.org/repo/debian-sysvinit

Does not have a "bind_ip 127.0.0.1" option set in the mongodb.conf. This leaves a users server vulnerable if they are not aware of this setting. The default should be to lockdown as much as possible and only expose if the user requests it.

is related to

SERVER-792 Bind to localhost by default in RPM and debs only

Closed

Assignee:: Andreas Nilsson

Reporter:: Roman Shtylman

Participants:: Andreas Nilsson, Eliot Horowitz, Roman Shtylman

Votes:: 2 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: Nov 04 2011 05:55:10 PM UTC

Updated:: Jul 11 2016 06:35:26 PM UTC

Resolved:: Apr 08 2014 02:49:26 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates