CVE-2010-4254

Sažetak

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://secunia.com/advisories/42373
http://secunia.com/advisories/42877
http://www.exploit-db.com/exploits/15974
http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability
http://www.securityfocus.com/bid/45051
http://www.vupen.com/english/advisories/2011/0076
https://bugzilla.novell.com/show_bug.cgi?id=654136
https://bugzilla.novell.com/show_bug.cgi?id=655847
https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

02-02-2011 - 06:59

Objavljeno

06-12-2010 - 13:44