Bug 209464 - CVE-2006-5072 Mono insecure temporary file usage
Summary: CVE-2006-5072 Mono insecure temporary file usage
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: mono
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Alexander Larsson
QA Contact:
URL:
Whiteboard: impact=moderate,source=vendorsec,repo...
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-10-05 14:32 UTC by Josh Bressers
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2006-10-07 11:22:55 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Josh Bressers 2006-10-05 14:32:39 UTC 
This information came from Marcus Meissner of Suse:

Sebastian Krahmer of SUSE audited Mono and found a tempfile
race condition in the Mono Core libraries, found in
mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs

The diff (actual there are 2 commits) to fix it are here:
http://svn.myrealbox.com/viewcvs/trunk/mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs?rev=65441&r1=57836&r2=65441
I have only looked at them briefly, but the fix looks OK.

This can be used by a local attacker for instance with help of
System.Xml.Serialization (SerializationCodeGenerator.cs), which
compiles .cs code into .dlls on the fly, to inject code into a
running Mono process.
Comment 1 Caolan McNamara 2006-10-06 08:41:46 UTC 
Patch applies cleanly and looks correct, applied, built, added to fedora package
updates
Comment 2 Fedora Update System 2006-10-06 20:33:29 UTC 
mono-1.1.13.7-2.fc5.1 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.