Bug 209467 - CVE-2006-5072 Mono insecure temporary file usage
Product: Fedora
Classification: Fedora
Component: mono
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Alexander Larsson
Reported: 2006-10-05 10:35 EDT by Josh Bressers
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-10-07 07:22:40 EDT
Description Josh Bressers 2006-10-05 10:35:07 EDT
+++ This bug was initially created as a clone of Bug #209464 +++

This information came from Marcus Meissner of Suse:

Sebastian Krahmer of SUSE audited Mono and found a tempfile
race condition in the Mono Core libraries, found in

The diff (actually there are 2 commits) to fix it are here:
I have only looked at them briefly, but the fix looks OK.

This can be used by a local attacker for instance with help of
System.Xml.Serialization (SerializationCodeGenerator.cs), which
compiles .cs code into .dlls on the fly, to inject code into a
running Mono process.
Comment 1 Caolan McNamara 2006-10-06 04:42:24 EDT
patch applied, and built, will ask release-engineering to move into FC-6
Comment 2 Caolan McNamara 2006-10-07 07:22:40 EDT
releng reports that this is moved to FC-6
