Lucene search
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2010-240.NASLHistoryNov 28, 2010 - 12:00 a.m.
Mandriva Linux Security Advisory : mono (MDVSA-2010:240)
2010-11-2800:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
A vulnerability was discovered and corrected in mono :
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-4159).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90
The updated packages have been patched to correct this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2010:240.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(50819);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2010-4159");
script_bugtraq_id(44810);
script_xref(name:"MDVSA", value:"2010:240");
script_name(english:"Mandriva Linux Security Advisory : mono (MDVSA-2010:240)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A vulnerability was discovered and corrected in mono :
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8
and earlier allows local users to gain privileges via a Trojan horse
shared library in the current working directory (CVE-2010-4159).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4
90
The updated packages have been patched to correct this issue."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:jay");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mono-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mono0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmono-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmono0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-bytefx-data-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-data");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-data-firebird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-data-oracle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-data-postgresql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-data-sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-data-sybase");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-extras");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-ibm-data-db2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-jscript");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-locale-extras");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-nunit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-wcf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-web");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-winforms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mono-winfxcore");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:monodoc-core");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
script_set_attribute(attribute:"patch_publication_date", value:"2010/11/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/28");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2009.0", reference:"jay-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64mono-devel-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64mono0-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libmono-devel-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libmono0-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-bytefx-data-mysql-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-data-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-data-firebird-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-data-oracle-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-data-postgresql-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-data-sqlite-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-data-sybase-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-doc-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-extras-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-ibm-data-db2-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-jscript-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-locale-extras-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-nunit-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-web-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mono-winforms-1.9.1-5.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"jay-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mono-devel-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mono0-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmono-devel-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmono0-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-bytefx-data-mysql-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-data-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-data-firebird-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-data-oracle-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-data-postgresql-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-data-sqlite-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-data-sybase-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-doc-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-extras-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-ibm-data-db2-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-jscript-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-locale-extras-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-nunit-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-wcf-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-web-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mono-winforms-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"monodoc-core-2.4.2.3-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"jay-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mono-devel-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mono0-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmono-devel-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmono0-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-bytefx-data-mysql-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-data-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-data-firebird-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-data-oracle-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-data-postgresql-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-data-sqlite-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-data-sybase-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-doc-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-extras-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-ibm-data-db2-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-jscript-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-locale-extras-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-nunit-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-wcf-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-web-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-winforms-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mono-winfxcore-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"monodoc-core-2.6.4-4.1mdv2010.1", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | jay | p-cpe:/a:mandriva:linux:jay |
| mandriva | linux | lib64mono-devel | p-cpe:/a:mandriva:linux:lib64mono-devel |
| mandriva | linux | lib64mono0 | p-cpe:/a:mandriva:linux:lib64mono0 |
| mandriva | linux | libmono-devel | p-cpe:/a:mandriva:linux:libmono-devel |
| mandriva | linux | libmono0 | p-cpe:/a:mandriva:linux:libmono0 |
| mandriva | linux | mono | p-cpe:/a:mandriva:linux:mono |
| mandriva | linux | mono-bytefx-data-mysql | p-cpe:/a:mandriva:linux:mono-bytefx-data-mysql |
| mandriva | linux | mono-data | p-cpe:/a:mandriva:linux:mono-data |
| mandriva | linux | mono-data-firebird | p-cpe:/a:mandriva:linux:mono-data-firebird |
| mandriva | linux | mono-data-oracle | p-cpe:/a:mandriva:linux:mono-data-oracle |
Related
nessus
nessus
SuSE 10 Security Update : Mono (ZYPP Patch Number 7445)
2011-04-22 00:00:00
SuSE 10 Security Update : Mono (ZYPP Patch Number 7479)
2011-12-13 00:00:00
Fedora 14 : mono-2.6.7-4.fc14 / mono-addins-0.5-2.fc14 (2011-3393)
2011-04-01 00:00:00
cvelist
cvelist
CVE-2010-4159
2010-11-17 15:00:00
securityvulns
securityvulns
[ MDVSA-2010:240 ] mono
2010-11-28 00:00:00
Mono code execution
2010-11-28 00:00:00
openvas
openvas
Mandriva Update for mono MDVSA-2010:240 (mono)
2010-12-02 00:00:00
Mandriva Update for mono MDVSA-2010:240 (mono)
2010-12-02 00:00:00
Fedora Update for mono FEDORA-2011-3393
2011-04-01 00:00:00
ubuntucve
ubuntucve
CVE-2010-4159
2010-11-17 00:00:00
prion
prion
Design/Logic Flaw
2010-11-17 16:00:00
debiancve
debiancve
CVE-2010-4159
2010-11-17 16:00:36
nvd
nvd
CVE-2010-4159
2010-11-17 16:00:36
cve
cve
CVE-2010-4159
2010-11-17 16:00:36
fedora
fedora
[SECURITY] Fedora 14 Update: mono-addins-0.5-2.fc14
2011-03-31 17:00:53
[SECURITY] Fedora 14 Update: mono-2.6.7-4.fc14
2011-03-31 17:00:53
ubuntu
ubuntu
Mono vulnerabilities
2012-07-25 00:00:00
gentoo
gentoo
Mono: Multiple vulnerabilities
2012-06-21 00:00:00
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
Related for MANDRIVA_MDVSA-2010-240.NASL