FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mono -- "System.CodeDom.Compiler" Insecure Temporary Creation

Affected packages
mono < 1.1.13.8.1

Details

VuXML ID 5a39a22e-5478-11db-8f1a-000a48049292
Discovery 2006-10-04
Entry 2006-10-05

Sebastian Krahmer reports:

Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.

References

CVE Name CVE-2006-5072
URL http://secunia.com/advisories/22237/
URL http://www.ubuntu.com/usn/usn-357-1