Mono: Untrusted Search Path Vulnerability

Users of Mono please be advised of an untrusted search path vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

MDVSA-2010:240: [MDVSA-2010:240] mono Untrusted Search Path
Problem Description:

A vulnerability was discovered and corrected in mono:

Untrusted search path vulnerability in metadata/loader.c in Mono 2.8

and earlier allows local users to gain privileges via a Trojan horse

shared library in the current working directory (CVE-2010-4159).

Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Read more at http://www.criticalwatch.com

 

Advertisements