Vulnerability Description
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVSS Score
6.9
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mono | Mono | <= 2.6.7 |
References
- http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.htmlPatch
- http://marc.info/?l=oss-security&m=128939873515821&w=2
- http://marc.info/?l=oss-security&m=128939912716499&w=2
- http://marc.info/?l=oss-security&m=128941802415318&w=2
- http://secunia.com/advisories/42174Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:240
- http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library
- http://www.securityfocus.com/bid/44810
- http://www.vupen.com/english/advisories/2010/3059
- https://bugzilla.novell.com/show_bug.cgi?id=641915
- https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625Patch
- http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.htmlPatch
- http://marc.info/?l=oss-security&m=128939873515821&w=2
- http://marc.info/?l=oss-security&m=128939912716499&w=2
- http://marc.info/?l=oss-security&m=128941802415318&w=2
FAQ
What is CVE-2010-4159?
CVE-2010-4159 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
How severe is CVE-2010-4159?
CVE-2010-4159 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4159?
Check the references section above for vendor advisories and patch information. Affected products include: Mono Mono.