Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:240 (mono)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68568

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:240 (mono)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to mono
announced via advisory MDVSA-2010:240.

A vulnerability was discovered and corrected in mono:

Untrusted search path vulnerability in metadata/loader.c in Mono 2.8
and earlier allows local users to gain privileges via a Trojan horse
shared library in the current working directory (CVE-2010-4159).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:240

Risk factor : High

CVSS Score:
6.9

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4159
42174
http://secunia.com/advisories/42174
44810
http://www.securityfocus.com/bid/44810
ADV-2010-3059
http://www.vupen.com/english/advisories/2010/3059
MDVSA-2010:240
http://www.mandriva.com/security/advisories?name=MDVSA-2010:240
[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.
http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html
[oss-security] 20101110 CVE request: mono loading shared libs from cwd
http://marc.info/?l=oss-security&m=128939873515821&w=2
[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd
http://marc.info/?l=oss-security&m=128939912716499&w=2
http://marc.info/?l=oss-security&m=128941802415318&w=2
http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading
https://bugzilla.novell.com/show_bug.cgi?id=641915
https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68568
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:240 (mono)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mono announced via advisory MDVSA-2010:240. A vulnerability was discovered and corrected in mono: Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-4159). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:240 Risk factor : High CVSS Score: 6.9
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4159 42174 http://secunia.com/advisories/42174 44810 http://www.securityfocus.com/bid/44810 ADV-2010-3059 http://www.vupen.com/english/advisories/2010/3059 MDVSA-2010:240 http://www.mandriva.com/security/advisories?name=MDVSA-2010:240 [mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd. http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html [oss-security] 20101110 CVE request: mono loading shared libs from cwd http://marc.info/?l=oss-security&m=128939873515821&w=2 [oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd http://marc.info/?l=oss-security&m=128939912716499&w=2 http://marc.info/?l=oss-security&m=128941802415318&w=2 http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading https://bugzilla.novell.com/show_bug.cgi?id=641915 https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com