CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
97.1%
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Vendor | Product | Version | CPE |
---|---|---|---|
mono | mono | * | cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:* |
novell | moonlight | * | cpe:2.3:a:novell:moonlight:*:*:*:*:*:*:*:* |
novell | moonlight | 2.99.0 | cpe:2.3:a:novell:moonlight:2.99.0:*:*:*:*:*:*:* |
novell | moonlight | 2.99.1 | cpe:2.3:a:novell:moonlight:2.99.1:*:*:*:*:*:*:* |
novell | moonlight | 2.99.2 | cpe:2.3:a:novell:moonlight:2.99.2:*:*:*:*:*:*:* |
novell | moonlight | 2.99.7 | cpe:2.3:a:novell:moonlight:2.99.7:*:*:*:*:*:*:* |
novell | moonlight | 2.99.9 | cpe:2.3:a:novell:moonlight:2.99.9:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
secunia.com/advisories/42373
secunia.com/advisories/42877
www.exploit-db.com/exploits/15974
www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability
www.securityfocus.com/bid/45051
www.vupen.com/english/advisories/2011/0076
bugzilla.novell.com/show_bug.cgi?id=654136
bugzilla.novell.com/show_bug.cgi?id=655847
github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac