CVE-2006-5072 - The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions,

CVE-2006-5072

Summary

The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.

References

Vulnerable Configurations

cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*

CVSS

Base:	6.2 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	20340
fedora	FEDORA-2007-068
gentoo	GLSA-200611-23
mandriva	MDKSA-2006:188
secunia	22237 22277 22614 23154 23213 23776
suse	SUSE-SA:2006:073
ubuntu	USN-357-1
vupen	ADV-2006-3911
xf	mono-systemcodedomcompiler-symlink(29353)

Last major update

20-07-2017 - 01:33

Published

10-10-2006 - 04:06

Last modified

20-07-2017 - 01:33