CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
12.7%
Sebastian Krahmer of the SuSE security team discovered that the
System.CodeDom.Compiler classes used temporary files in an insecure
way. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the program.
Under some circumstances, a local attacker could also exploit this to
inject arbitrary code into running Mono processes.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 6.06 | noarch | mono-classlib-2.0 | < 1.1.13.6-0ubuntu3.1 | UNKNOWN |
Ubuntu | 6.06 | noarch | mono-classlib-1.0 | < 1.1.13.6-0ubuntu3.1 | UNKNOWN |
Ubuntu | 5.10 | noarch | mono-classlib-2.0 | < 1.1.8.3-1ubuntu2.1 | UNKNOWN |
Ubuntu | 5.10 | noarch | mono-classlib-1.0 | < 1.1.8.3-1ubuntu2.1 | UNKNOWN |