ID CVE-2010-4159
Summary Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
Vulnerable Configurations
  • cpe:2.3:a:mono:mono:1.0.1
  • cpe:2.3:a:mono:mono:1.1.8.1
  • Novell Mono 1.1.17
    cpe:2.3:a:mono:mono:1.1.17
  • cpe:2.3:a:mono:mono:1.1.9
  • Novell Mono 1.1.18
    cpe:2.3:a:mono:mono:1.1.18
  • cpe:2.3:a:mono:mono:1.1.7
  • Novell Mono 1.1.4
    cpe:2.3:a:mono:mono:1.1.4
  • cpe:2.3:a:mono:mono:1.1.8
  • Novell Mono 1.1.13
    cpe:2.3:a:mono:mono:1.1.13
  • Novell Mono 1.1.8.3
    cpe:2.3:a:mono:mono:1.1.8.3
  • cpe:2.3:a:mono:mono:1.1.10
  • cpe:2.3:a:mono:mono:1.1.10.1
  • Novell Mono 1.0
    cpe:2.3:a:mono:mono:1.0
  • cpe:2.3:a:mono:mono:1.1.9.1
  • Novell Mono 1.1.13.7
    cpe:2.3:a:mono:mono:1.1.13.7
  • cpe:2.3:a:mono:mono:1.1.9.2
  • Novell Mono 1.1.17.1
    cpe:2.3:a:mono:mono:1.1.17.1
  • Novell Mono 1.1.13.4
    cpe:2.3:a:mono:mono:1.1.13.4
  • cpe:2.3:a:mono:mono:1.0.6
  • Novell Mono 1.1.13.6
    cpe:2.3:a:mono:mono:1.1.13.6
  • cpe:2.3:a:mono:mono:1.1.1
  • cpe:2.3:a:mono:mono:1.0.2
  • cpe:2.3:a:mono:mono:1.0.4
  • cpe:2.3:a:mono:mono:1.1.5
  • cpe:2.3:a:mono:mono:1.1.6
  • cpe:2.3:a:mono:mono:1.1.2
  • cpe:2.3:a:mono:mono:1.1.3
  • Novell Mono 1.0.5
    cpe:2.3:a:mono:mono:1.0.5
  • Novell Mono 1.2.5.1
    cpe:2.3:a:mono:mono:1.2.5.1
  • cpe:2.3:a:mono:mono:2.0.1
  • cpe:2.3:a:mono:mono:1.9.1
  • cpe:2.3:a:mono:mono:1.9
  • cpe:2.3:a:mono:mono:1.2.6
  • cpe:2.3:a:mono:mono:1.2.5.2
  • cpe:2.3:a:mono:mono:1.2.5
  • cpe:2.3:a:mono:mono:1.2.4
  • cpe:2.3:a:mono:mono:1.2.3.1
  • cpe:2.3:a:mono:mono:1.1.17.2
  • cpe:2.3:a:mono:mono:2.4.3
  • cpe:2.3:a:mono:mono:2.4.2.3
  • cpe:2.3:a:mono:mono:2.4.2.2
  • cpe:2.3:a:mono:mono:2.4.2.1
  • cpe:2.3:a:mono:mono:2.4.2
  • cpe:2.3:a:mono:mono:2.4
  • cpe:2.3:a:mono:mono:2.2
  • cpe:2.3:a:mono:mono:1.1.13.8.1
  • cpe:2.3:a:mono:mono:1.1.14
  • cpe:2.3:a:mono:mono:1.1.13.5
  • cpe:2.3:a:mono:mono:1.1.13.8
  • Novell Mono 2.0
    cpe:2.3:a:mono:mono:2.0
  • cpe:2.3:a:mono:mono:1.1.12.1
  • cpe:2.3:a:mono:mono:1.1.13.2
  • cpe:2.3:a:mono:mono:1.1.11
  • cpe:2.3:a:mono:mono:1.1.12
  • cpe:2.3:a:mono:mono:1.2.2.1
  • cpe:2.3:a:mono:mono:1.2.3
  • cpe:2.3:a:mono:mono:1.2.1
  • cpe:2.3:a:mono:mono:1.2.2
  • cpe:2.3:a:mono:mono:1.1.16.1
  • cpe:2.3:a:mono:mono:1.2
  • cpe:2.3:a:mono:mono:1.1.15
  • cpe:2.3:a:mono:mono:1.1.16
  • cpe:2.3:a:mono:mono:2.6.7
  • cpe:2.3:a:mono:mono:2.6.4
  • cpe:2.3:a:mono:mono:2.6.3
  • cpe:2.3:a:mono:mono:2.6
CVSS
Base: 6.9 (as of 18-11-2010 - 14:54)
Impact:
Exploitability:
Access
  • Vector: LOCAL
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BYTEFX-DATA-MYSQL-7445.NASL
    description The following bug has been fixed : - Mono loaded shared libraries from the current directory. (CVE-2010-4159)
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 53530
    published 2011-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53530
    title SuSE 10 Security Update : Mono (ZYPP Patch Number 7445)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-240.NASL
    description A vulnerability was discovered and corrected in mono : Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-4159). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 50819
    published 2010-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50819
    title Mandriva Linux Security Advisory : mono (MDVSA-2010:240)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-13 (Mono: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, bypass general constraints, obtain the source code for .aspx applications, obtain other sensitive information, cause a Denial of Service, modify internal data structures, or corrupt the internal state of the security manager. A local attacker could entice a user into running Mono debugger in a directory containing a specially crafted library file to execute arbitrary code with the privileges of the user running Mono debugger. A context-dependent attacker could bypass the authentication mechanism provided by the XML Signature specification. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 59651
    published 2012-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59651
    title GLSA-201206-13 : Mono: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-3393.NASL
    description - CVE-2010-4159 - CVE-2010-4254 - mono-core and mono-addins do not depend on mono-devel anymore Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 53241
    published 2011-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53241
    title Fedora 14 : mono-2.6.7-4.fc14 / mono-addins-0.5-2.fc14 (2011-3393)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BYTEFX-DATA-MYSQL-7479.NASL
    description The following bug has been fixed : - mono loaded shared libraries from the current directory. (CVE-2010-4159)
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 57164
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57164
    title SuSE 10 Security Update : Mono (ZYPP Patch Number 7479)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_BYTEFX-DATA-MYSQL-110331.NASL
    description The following security bugs have been fixed : - Mono was vulnerable to a padding oracle attack. (CVE-2010-3332) - Mono loaded shared libraries from the current directory. (CVE-2010-4159)
    last seen 2018-09-02
    modified 2013-10-25
    plugin id 53528
    published 2011-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53528
    title SuSE 11.1 Security Update : Mono (SAT Patch Number 4260)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1517-1.NASL
    description It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3382) It was discovered that the Mono System.Web library incorrectly handled the EnableViewStateMac property. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4159). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 60126
    published 2012-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60126
    title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : mono vulnerabilities (USN-1517-1)
refmap via4
bid 44810
confirm
mandriva MDVSA-2010:240
mlist
  • [mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.
  • [oss-security] 20101110 CVE request: mono loading shared libs from cwd
  • [oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd
secunia 42174
vupen ADV-2010-3059
Last major update 09-12-2010 - 03:36
Published 17-11-2010 - 11:00