Lucene search

MitreCVE-2006-5072

HistoryOct 10, 2006 - 4:06 a.m.

CVE-2006-5072

2006-10-1004:06:00

mitre

web.nvd.nist.gov

novell mono

codedom compiler

temporary files

insecure permissions

local users

symlink attack

arbitrary code execution

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

12.7%

JSON

The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.

Affected configurations

Nvd

Node

monomonoMatch1.0

monomonoMatch2.0

VendorProductVersionCPE
monomono1.0cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*
monomono2.0cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mono	mono	1.0	cpe:2.3:a:mono:mono:1.0:::::::*
mono	mono	2.0	cpe:2.3:a:mono:mono:2.0:::::::*

References

fedoranews.org/cms/node/2401

secunia.com/advisories/22237

secunia.com/advisories/22277

secunia.com/advisories/22614

secunia.com/advisories/23154

secunia.com/advisories/23213

secunia.com/advisories/23776

security.gentoo.org/glsa/glsa-200611-23.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:188

www.novell.com/linux/security/advisories/2006_73_mono.html

www.securityfocus.com/bid/20340

www.ubuntu.com/usn/usn-357-1

www.vupen.com/english/advisories/2006/3911

exchange.xforce.ibmcloud.com/vulnerabilities/29353

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2006-5072