Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4254 to the following vulnerability: Name: CVE-2010-4254 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4254 Assigned: 20101116 Reference: CONFIRM: http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability Reference: CONFIRM: https://bugzilla.novell.com/show_bug.cgi?id=654136 Reference: CONFIRM: https://bugzilla.novell.com/show_bug.cgi?id=655847 Reference: CONFIRM: https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399 Reference: CONFIRM: https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358 Reference: CONFIRM: https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac Reference: SECUNIA:42373 Reference: URL: http://secunia.com/advisories/42373 Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Created mono tracking bugs for this issue Affects: fedora-all [bug 659911]