209464 – CVE-2006-5072 Mono insecure temporary file usage

Bug 209464 - CVE-2006-5072 Mono insecure temporary file usage

Summary: CVE-2006-5072 Mono insecure temporary file usage

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mono
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Alexander Larsson
QA Contact:
Docs Contact:
URL:
Whiteboard:	impact=moderate,source=vendorsec,repo...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-10-05 14:32 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2006-10-07 11:22:55 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-10-05 14:32:39 UTC

This information came from Marcus Meissner of Suse:

Sebastian Krahmer of SUSE audited Mono and found a tempfile
race condition in the Mono Core libraries, found in
mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs

The diff (actual there are 2 commits) to fix it are here:
http://svn.myrealbox.com/viewcvs/trunk/mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs?rev=65441&r1=57836&r2=65441
I have only looked at them briefly, but the fix looks OK.

This can be used by a local attacker for instance with help of
System.Xml.Serialization (SerializationCodeGenerator.cs), which
compiles .cs code into .dlls on the fly, to inject code into a
running Mono process.

Comment 1 Caolan McNamara 2006-10-06 08:41:46 UTC

Patch applies cleanly and looks correct, applied, built, added to fedora package
updates

Comment 2 Fedora Update System 2006-10-06 20:33:29 UTC

mono-1.1.13.7-2.fc5.1 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.