Bug 209467 - CVE-2006-5072 Mono insecure temporary file usage
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: mono
Version: 6
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Alexander Larsson
impact=moderate,source=vendorsec,repo...
Reported: 2006-10-05 10:35 EDT by Josh Bressers
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-10-07 07:22:40 EDT


Description Josh Bressers 2006-10-05 10:35:07 EDT
+++ This bug was initially created as a clone of Bug #209464 +++

This information came from Marcus Meissner of Suse:

Sebastian Krahmer of SUSE audited Mono and found a tempfile
race condition in the Mono Core libraries, found in
mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs

The diffs (actually there are 2 commits) to fix it are here:
http://svn.myrealbox.com/viewcvs/trunk/mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs?rev=65441&r1=57836&r2=65441
I have only looked at them briefly, but the fix looks OK.

This can be used by a local attacker for instance with help of
System.Xml.Serialization (SerializationCodeGenerator.cs), which
compiles .cs code into .dlls on the fly, to inject code into a
running Mono process.

Comment 1 Caolan McNamara 2006-10-06 04:42:24 EDT
patch applied, and built, will ask release-engineering to move into FC-6

Comment 2 Caolan McNamara 2006-10-07 07:22:40 EDT
releng reports that this is moved to FC-6
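
The class of issue in the description, a temporary file created under a predictable name in a shared directory, is shown below beside a hardened pattern (private 0700 directory plus exclusive creation). This is an added example, not code from Mono or from the commits linked above; all function names and the `gen0.cs` file name are hypothetical.

```python
import os
import stat
import tempfile

def naive_create(shared_dir, name):
    """Weak pattern: predictable name in a shared directory, no O_EXCL."""
    path = os.path.join(shared_dir, name)
    with open(path, "a"):  # succeeds even if another user already created the file
        pass
    return path

def private_temp_dir(parent=None):
    """Create an unpredictable 0700 directory and verify it before use."""
    d = tempfile.mkdtemp(prefix="codegen-", dir=parent)
    st = os.lstat(d)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid() or st.st_mode & 0o077:
        raise PermissionError(f"unsafe temp directory: {d}")
    return d

def create_exclusive(directory, name):
    """Atomically create a new 0600 file; O_EXCL fails on any existing name or symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(os.path.join(directory, name), flags, 0o600)

def demo():
    shared = tempfile.mkdtemp()  # constructed stand-in for a shared /tmp
    with open(os.path.join(shared, "gen0.cs"), "w") as f:
        f.write("// constructed: file that existed before our process ran\n")
    # The naive path silently adopts the pre-existing file and its content.
    naive_adopted = os.path.getsize(naive_create(shared, "gen0.cs")) > 0
    # Exclusive creation refuses the same name instead of reusing it.
    try:
        os.close(create_exclusive(shared, "gen0.cs"))
        exclusive_refused = False
    except FileExistsError:
        exclusive_refused = True
    # Hardened flow: private directory first, then exclusive creation inside it.
    priv = private_temp_dir()
    os.close(create_exclusive(priv, "gen0.cs"))
    dir_mode = stat.S_IMODE(os.lstat(priv).st_mode)
    file_mode = stat.S_IMODE(os.lstat(os.path.join(priv, "gen0.cs")).st_mode)
    return naive_adopted, exclusive_refused, dir_mode, file_mode

if __name__ == "__main__":
    print(demo())
```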
