Bug 209464 - CVE-2006-5072 Mono insecure temporary file usage
Product: Fedora
Classification: Fedora
Component: mono
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Alexander Larsson
Reported: 2006-10-05 10:32 EDT by Josh Bressers
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-10-07 07:22:55 EDT

Description Josh Bressers 2006-10-05 10:32:39 EDT
This information came from Marcus Meissner of Suse:

Sebastian Krahmer of SUSE audited Mono and found a tempfile
race condition in the Mono Core libraries, found in

The diff (actually there are 2 commits) to fix it are here:
I have only looked at them briefly, but the fix looks OK.

This can be used by a local attacker for instance with help of
System.Xml.Serialization (SerializationCodeGenerator.cs), which
compiles .cs code into .dlls on the fly, to inject code into a
running Mono process.
Comment 1 Caolan McNamara 2006-10-06 04:41:46 EDT
Patch applies cleanly and looks correct, applied, built, added to Fedora package.
Comment 2 Fedora Update System 2006-10-06 16:33:29 EDT
mono- has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
