From bc3fb231d6cde8483579a42eb8395c9fd0318959 Mon Sep 17 00:00:00 2001 From: sat Date: Thu, 5 Oct 2006 14:00:56 +0000 Subject: - Document "System.CodeDom.Compiler" Insecure Temporary Creation in mono --- security/vuxml/vuln.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 7a3e0c111e8c..8dae593d0815 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,44 @@ Note: Please add new entries to the beginning of this file. --> + + mono -- "System.CodeDom.Compiler" Insecure Temporary Creation + + + mono + 0 + + + mono-devel + mono-svn + 0 + + + + +

Sebastian Krahmer reports:

+
Sebastian Krahmer of the SuSE security team discovered + that the System.CodeDom.Compiler classes used temporary + files in an insecure way. This could allow a symbolic link + attack to create or overwrite arbitrary files with the + privileges of the user invoking the program. Under some + circumstances, a local attacker could also exploit this to + inject arbitrary code into running Mono processes.
+

+ + + + CVE-2006-5072 + http://www.ubuntu.com/usn/usn-357-1 + http://secunia.com/advisories/22237/ + + + 2006-10-04 + 2006-10-05 + + + php -- open_basedir Race Condition Vulnerability -- cgit