First Last Prev Next    This bug is not in your last search results.
Bug 209464 - CVE-2006-5072 Mono insecure temporary file usage
CVE-2006-5072 Mono insecure temporary file usage
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: mono (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Alexander Larsson
impact=moderate,source=vendorsec,repo...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-05 10:32 EDT by Josh Bressers
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-07 07:22:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Josh Bressers 2006-10-05 10:32:39 EDT 
This information came from Marcus Meissner of Suse:

Sebastian Krahmer of SUSE audited Mono and found a tempfile
race condition in the Mono Core libraries, found in
mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs

The diff (actual there are 2 commits) to fix it are here:
http://svn.myrealbox.com/viewcvs/trunk/mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs?rev=65441&r1=57836&r2=65441
I have only looked at them briefly, but the fix looks OK.

This can be used by a local attacker for instance with help of
System.Xml.Serialization (SerializationCodeGenerator.cs), which
compiles .cs code into .dlls on the fly, to inject code into a
running Mono process.
Comment 1 Caolan McNamara 2006-10-06 04:41:46 EDT 
Patch applies cleanly and looks correct, applied, built, added to fedora package
updates
Comment 2 Fedora Update System 2006-10-06 16:33:29 EDT 
mono-1.1.13.7-2.fc5.1 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.