Bug 220853 (CVE-2006-6104) - CVE-2006-6104 XSP/mod_mono source code disclosure
Summary: CVE-2006-6104 XSP/mod_mono source code disclosure
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2006-6104
Product: Fedora
Classification: Fedora
Component: mono
Version: 6
Hardware: All
OS: Linux
urgent
medium
Target Milestone: ---
Assignee: Alexander Larsson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-12-28 00:03 UTC by Paul F. Johnson
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: mono-1.1.17.1-4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-01-15 12:49:07 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Paul F. Johnson 2006-12-28 00:03:20 UTC
Description of problem:

http://www.mono-project.com/news/archive/2006/Dec-20.html



A vulnerability, which allows an attacker to retrieve unprocessed web content
(e.g. source code), has been found in XSP.

People already using the latest supported version of Mono, 1.2.2 and 1.1.13.8.2,
are protected against this vulnerability. Other people are encouraged to update
to the latest supported version of Mono. Major distributions have already been
advised and updates should (now or shortly) be available for their supported
versions.

More information can be found here: http://www.mono-project.com/Vulnerabilities. 

Additional info:
Will the version of mono in FC6 be updated in the near future to remove this
problem?

Comment 1 Fedora Update System 2007-01-12 19:42:44 UTC
mono-1.1.17.1-4.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 2 Lubomir Kundrak 2007-01-15 12:49:07 UTC
(In reply to comment #0)
> Will the version of mono in FC6 be updated in the near future to remove this
> problem?

The packages were updated.


Note You need to log in before you can comment on or make changes to this bug.