CVE-2006-5072 - Unspecified vulnerability in Mono 1.0/2.0

CVSS 6.2 - MEDIUM
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.

Vulnerable Configurations

Part | Description | Count
Application | Mono | 2

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-188.NASL
    description: Sebastian Krahmer of the SUSE security team found that the System.CodeDom.Compiler classes in mono used temporary files in an insecure way that could allow a symbolic link attack to overwrite arbitrary files with the privileges of the user running a program that made use of those classes. Updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24573
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24573
    title: Mandrake Linux Security Advisory : mono (MDKSA-2006:188)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-1012.NASL
    description: CVE-2006-5072 Mono insecure temporary file usage. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24030
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24030
    title: Fedora Core 5 : mono-1.1.13.7-2.fc5.1 (2006-1012)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_5A39A22E547811DB8F1A000A48049292.NASL
    description: Sebastian Krahmer reports: Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22516
    published: 2006-10-10
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22516
    title: FreeBSD : mono -- 'System.CodeDom.Compiler' Insecure Temporary Creation (5a39a22e-5478-11db-8f1a-000a48049292)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2006_073.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2006:073 (mono-core). Sebastian Krahmer of SUSE Security found that the Mono System.Xml.Serialization class contained a /tmp race which potentially allows local attackers to execute code as the user using the Serialization method. This is tracked by the Mitre CVE ID CVE-2006-5072. Packages for all affected distributions were released on November 10th, and for SLE 10 on November 27th.
    last seen: 2019-10-28
    modified: 2007-02-18
    plugin id: 24450
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24450
    title: SUSE-SA:2006:073: mono-core
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-357-1.NASL
    description: Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27937
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27937
    title: Ubuntu 5.10 / 6.06 LTS : mono vulnerability (USN-357-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-068.NASL
    description: A security problem was found and fixed in mono class libraries that affects the Mono web server implementation. By appending spaces to URLs attackers could download the source code of ASP.net scripts that would normally get executed by the web server. After upgrading the packages you need to restart any running mono web server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24198
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24198
    title: Fedora Core 5 : mono-1.1.13.7-3.fc5.1 (2007-068)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200611-23.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200611-23 (Mono: Insecure temporary file creation). Sebastian Krahmer of the SuSE Security Team discovered that the System.CodeDom.Compiler classes of Mono create temporary files with insecure permissions. Impact: A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected class is called, this could result in the file being overwritten with the rights of the user running the script. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 23745
    published: 2006-11-30
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/23745
    title: GLSA-200611-23 : Mono: Insecure temporary file creation