Test ID:	1.3.6.1.4.1.25623.1.0.69409
Category:	Fedora Local Security Checks
Title:	Fedora Core 14 FEDORA-2011-3393 (mono-addins)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mono-addins announced via advisory FEDORA-2011-3393. Update Information: * CVE-2010-4159 * CVE-2010-4254 * mono-core and mono-addins do not depend on mono-devel anymore References: [ 1 ] Bug #654403 - CVE-2010-4159 mono: untrusted search path vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=654403 [ 2 ] Bug #659910 - CVE-2010-4254 mono: vulnerability when Moonlight is used may allow arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=659910 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update mono-addins' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2011-3393 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4159 42174 http://secunia.com/advisories/42174 44810 http://www.securityfocus.com/bid/44810 ADV-2010-3059 http://www.vupen.com/english/advisories/2010/3059 MDVSA-2010:240 http://www.mandriva.com/security/advisories?name=MDVSA-2010:240 [mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd. http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html [oss-security] 20101110 CVE request: mono loading shared libs from cwd http://marc.info/?l=oss-security&m=128939873515821&w=2 [oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd http://marc.info/?l=oss-security&m=128939912716499&w=2 http://marc.info/?l=oss-security&m=128941802415318&w=2 http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading https://bugzilla.novell.com/show_bug.cgi?id=641915 https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625 Common Vulnerability Exposure (CVE) ID: CVE-2010-4254 15974 http://www.exploit-db.com/exploits/15974 42373 http://secunia.com/advisories/42373 42877 http://secunia.com/advisories/42877 45051 http://www.securityfocus.com/bid/45051 ADV-2011-0076 http://www.vupen.com/english/advisories/2011/0076 SUSE-SR:2010:024 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html SUSE-SR:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability https://bugzilla.novell.com/show_bug.cgi?id=654136 https://bugzilla.novell.com/show_bug.cgi?id=655847 https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399 https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358 https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.