CVE-2011-0990
https://notcve.org/view.php?id=CVE-2011-0990
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. Condición de carrera en la optimización de FastCopy en el método Array.Copy en metadata/icall.c de Mono, cuando se utiliza Moonlight 2.x anterior a 2.4.1 o 3.x anterior a 3.99.3, permite a atacantes remotos provocar un desbordamiento del búfer y modificar las estructuras internas de datos, también permite provocar una denegación de servicio (caída del plugin) o corromper el estado interno del gestor de seguridad mediante un fichero media manipulado, en el que un hilo realiza un cambio después de una comprobación de escritura pero antes de una acción de copiado. • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html http://openwall.com/lists/oss-security/2011/04/06/14 http://secunia.com/advisories/44002 http://secunia.com/advisories/44076 http://www.mono-project.com/Vulnerabilities http://www.securityfocus.com/bid/47208 http://www.vupen.com/english/advisories/2011/0904 https://bugzilla.novell.com/show_bug.cgi?id=667077 https://exchange.xforce.ibmcloud.com/vulnerabilities/66625 https://github.com/mono/mono/commit/2f00e4bbb2137130 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2011-0989
https://notcve.org/view.php?id=CVE-2011-0989
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct. El método RuntimeHelpers.InitializeArray de metadata/icall.c de Mono, si Moonlight 2.x anterior a 2.4.1 o 3.x anterior a 3.99.3 es utilizado, no restringe apropiadamente los tipos de datos, lo que permite a atacantes remotos modificar las estructuras de datos de sólo lectura internas, y provocar una denegación de servicio (caída o cuelgue del plugin) o coromper el estado interno del gestor de seguridad, a través de un fichero multimedia modificado, como se ha demostrado modificando una struct C#. • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html http://openwall.com/lists/oss-security/2011/04/06/14 http://secunia.com/advisories/44002 http://secunia.com/advisories/44076 http://www.mono-project.com/Vulnerabilities http://www.securityfocus.com/bid/47208 http://www.vupen.com/english/advisories/2011/0904 https://bugzilla.novell.com/show_bug.cgi?id=667077 https://exchange.xforce.ibmcloud.com/vulnerabilities/66624 https://github.com/mono/mono/commit/035c8587c0d8d307 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0992
https://notcve.org/view.php?id=CVE-2011-0992
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. Vulnerabilidad de tipo usar después de liberar en Mono, si Moonlight v2.x anteriores a 2.4.1 o 3.x anteriores a 3.99.3 es utilizado, permite a atacantes remotos provocar una denegación de servicio (caída o cuelgue del plugin) u obtener información confidencial a través de datos miembros de una instancia "resurrected MonoThread". • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html http://openwall.com/lists/oss-security/2011/04/06/14 http://secunia.com/advisories/44002 http://secunia.com/advisories/44076 http://www.mono-project.com/Vulnerabilities http://www.securityfocus.com/bid/47208 http://www.vupen.com/english/advisories/2011/0904 https://bugzilla.novell.com/show_bug.cgi?id=667077 https://bugzilla.novell.com/show_bug.cgi?id=678515 https://bugzilla.redhat.com/show_bug.cgi?id=6949 • CWE-399: Resource Management Errors •
CVE-2010-4159
https://notcve.org/view.php?id=CVE-2010-4159
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en metadata/loader.c en Mono v2.8, permite a usuarios locales obtener privilegios a través de un troyano de la biblioteca compartida en el directorio de trabajo actual. • http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html http://marc.info/?l=oss-security&m=128939873515821&w=2 http://marc.info/?l=oss-security&m=128939912716499&w=2 http://marc.info/?l=oss-security&m=128941802415318&w=2 http://secunia.com/advisories/42174 http://www.mandriva.com/security/advisories?name=MDVSA-2010:240 http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading http://www.securityfocus.com/bid/44810 http://www.vupe •
CVE-2010-1459
https://notcve.org/view.php?id=CVE-2010-1459
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. La configuración por defecto de ASP.NET de Mono anterior a v2.6.4 tiene valor FALSE en la propiedad EnableViewStateMac, esto permite a atacantes remotos provocar un ataque de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado con el parámetro __VIEWSTATE en 2.0/menu/menu1.aspx en el XSP sample project. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting http://www.securityfocus.com/bid/40351 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •