Bug 220853 (CVE-2006-6104) - CVE-2006-6104 XSP/mod_mono source code disclosure
Summary: CVE-2006-6104 XSP/mod_mono source code disclosure
Status: CLOSED CURRENTRELEASE
Alias: CVE-2006-6104
Product: Fedora
Classification: Fedora
Component: mono
Version: 6
Hardware: All Linux
urgent
medium
Target Milestone: ---
Assignee: Alexander Larsson
Keywords: Security
 
Reported: 2006-12-28 00:03 UTC by Paul F. Johnson
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: mono-1.1.17.1-4
Doc Type: Bug Fix
Last Closed: 2007-01-15 12:49:07 UTC



Description Paul F. Johnson 2006-12-28 00:03:20 UTC
Description of problem:

http://www.mono-project.com/news/archive/2006/Dec-20.html



A vulnerability, which allows an attacker to retrieve unprocessed web content
(e.g. source code), has been found in XSP.

People already using the latest supported version of Mono, 1.2.2 and 1.1.13.8.2,
are protected against this vulnerability. Other people are encouraged to update
to the latest supported version of Mono. Major distributions have already been
advised and updates should (now or shortly) be available for their supported
versions.

More information can be found here: http://www.mono-project.com/Vulnerabilities. 

Additional info:
Will the version of mono in FC6 be updated in the near future to remove this
problem?

Comment 1 Fedora Update System 2007-01-12 19:42:44 UTC
mono-1.1.17.1-4.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 2 Lubomir Kundrak 2007-01-15 12:49:07 UTC
(In reply to comment #0)
> Will the version of mono in FC6 be updated in the near future to remove this
> problem?

The packages were updated.

