Search...

Fedora Update for mono FEDORA-2007-068

2009-02-27T00:00:00

ID OPENVAS:861463
Type openvas
Reporter Copyright (C) 2009 Greenbone Networks GmbH
Modified 2017-07-10T00:00:00

Description

Check for the Version of mono

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for mono FEDORA-2007-068
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_affected = "mono on Fedora Core 5";
tag_insight = "The Mono runtime implements a JIT engine for the ECMA CLI
  virtual machine (as well as a byte code interpreter, the
  class loader, the garbage collector, threading system and
  metadata access libraries.";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00069.html");
  script_id(861463);
  script_version("$Revision: 6622 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)");
  script_tag(name:"cvss_base", value:"6.2");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:N/C:C/I:C/A:C");
  script_xref(name: "FEDORA", value: "2007-068");
  script_cve_id("CVE-2006-6104", "CVE-2006-5072");
  script_name( "Fedora Update for mono FEDORA-2007-068");

  script_summary("Check for the Version of mono");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora_core", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "FC5")
{

  if ((res = isrpmvuln(pkg:"mono", rpm:"mono~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-winforms", rpm:"x86_64/mono-winforms~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-data-firebird", rpm:"x86_64/mono-data-firebird~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-locale-extras", rpm:"x86_64/mono-locale-extras~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-web", rpm:"x86_64/mono-web~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/debug/mono-debuginfo", rpm:"x86_64/debug/mono-debuginfo~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/ibm-data-db2", rpm:"x86_64/ibm-data-db2~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/bytefx-data-mysql", rpm:"x86_64/bytefx-data-mysql~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-core", rpm:"x86_64/mono-core~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-jscript", rpm:"x86_64/mono-jscript~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-devel", rpm:"x86_64/mono-devel~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-data-sqlite", rpm:"x86_64/mono-data-sqlite~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-data-oracle", rpm:"x86_64/mono-data-oracle~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-basic", rpm:"x86_64/mono-basic~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-extras", rpm:"x86_64/mono-extras~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-data-sybase", rpm:"x86_64/mono-data-sybase~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-nunit", rpm:"x86_64/mono-nunit~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-data", rpm:"x86_64/mono-data~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"x86_64/mono-data-postgresql", rpm:"x86_64/mono-data-postgresql~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-data-firebird", rpm:"i386/mono-data-firebird~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-nunit", rpm:"i386/mono-nunit~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-basic", rpm:"i386/mono-basic~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-jscript", rpm:"i386/mono-jscript~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-data", rpm:"i386/mono-data~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-data-oracle", rpm:"i386/mono-data-oracle~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-devel", rpm:"i386/mono-devel~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-data-postgresql", rpm:"i386/mono-data-postgresql~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/bytefx-data-mysql", rpm:"i386/bytefx-data-mysql~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-locale-extras", rpm:"i386/mono-locale-extras~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/ibm-data-db2", rpm:"i386/ibm-data-db2~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-core", rpm:"i386/mono-core~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-data-sybase", rpm:"i386/mono-data-sybase~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/debug/mono-debuginfo", rpm:"i386/debug/mono-debuginfo~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-web", rpm:"i386/mono-web~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-extras", rpm:"i386/mono-extras~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-winforms", rpm:"i386/mono-winforms~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"i386/mono-data-sqlite", rpm:"i386/mono-data-sqlite~1.1.13.7~3.fc5.1", rls:"FC5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

JSON Vulners Source

Initial Source

{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Fedora Local Security Checks", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2007-068", "https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00069.html"], "description": "Check for the Version of mono", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "a7b34c3caa9c0223711f7aadeb0cf7ff"}, {"key": "cvss", "hash": "20b312358ab5f293fffb562d006d88f6"}, {"key": "description", "hash": "6b017a7dd5d36208ba2a1fbb1a00a264"}, {"key": "href", "hash": "9a008ac016a2706b8b7ac02691c12c77"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "da44ad9d7bbf7baff043076d6ede80e6"}, {"key": "published", "hash": "35afa346a8e2805a0b04c27bc47830d3"}, {"key": "references", "hash": "1ede0622029e9c405f24880f9998ec96"}, {"key": "reporter", "hash": "b7e844243a0b30893b9118e3563e6521"}, {"key": "sourceData", "hash": "52fc591876afdad6df84dfc213c18621"}, {"key": "title", "hash": "de8e734f847fb223f75bd7fc286b9643"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=861463", "modified": "2017-07-10T00:00:00", "objectVersion": "1.3", "enchantments": {"vulnersScore": 7.5}, "id": "OPENVAS:861463", "title": "Fedora Update for mono FEDORA-2007-068", "hash": "08619ef7353189791c9d712b7ff06a8cc3a790f6d830eaba4165dcad756ac9aa", "edition": 2, "published": "2009-02-27T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:14:20", "bulletin": {"hash": "693891a2f35f42a4e012f0d26b756ceb6449abc0e1dc5d738950e837807f35d5", "viewCount": 0, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2007-068", "https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00069.html"], "description": "Check for the Version of mono", "hashmap": [{"key": "description", "hash": "6b017a7dd5d36208ba2a1fbb1a00a264"}, {"key": "references", "hash": "1ede0622029e9c405f24880f9998ec96"}, {"key": "href", "hash": "9a008ac016a2706b8b7ac02691c12c77"}, {"key": "reporter", "hash": "b7e844243a0b30893b9118e3563e6521"}, {"key": "title", "hash": "de8e734f847fb223f75bd7fc286b9643"}, {"key": "published", "hash": "35afa346a8e2805a0b04c27bc47830d3"}, {"key": "cvelist", "hash": "a7b34c3caa9c0223711f7aadeb0cf7ff"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "sourceData", "hash": "da8808ddebf8ddc5c31f75cf4f5f2dae"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "da44ad9d7bbf7baff043076d6ede80e6"}, {"key": "modified", "hash": "4ed7125049d645019b6eebcb04b5daf6"}, {"key": "cvss", "hash": "20b312358ab5f293fffb562d006d88f6"}], "naslFamily": "Fedora Local Security Checks", "modified": "2016-05-03T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=861463", "published": "2009-02-27T00:00:00", "enchantments": {}, "id": "OPENVAS:861463", "title": "Fedora Update for mono FEDORA-2007-068", "bulletinFamily": "scanner", "edition": 1, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono FEDORA-2007-068\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono on Fedora Core 5\";\ntag_insight = \"The Mono runtime implements a JIT engine for the ECMA CLI\n virtual machine (as well as a byte code interpreter, the\n class loader, the garbage collector, threading system and\n metadata access libraries.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00069.html\");\n script_id(861463);\n script_version(\"$Revision: 3213 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-05-03 13:50:44 +0200 (Tue, 03 May 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-068\");\n script_cve_id(\"CVE-2006-6104\", \"CVE-2006-5072\");\n script_name( \"Fedora Update for mono FEDORA-2007-068\");\n\n script_summary(\"Check for the Version of mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:fedoraproject:fedora_core\", \"login/SSH/success\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono\", rpm:\"mono~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-winforms\", rpm:\"x86_64/mono-winforms~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-firebird\", rpm:\"x86_64/mono-data-firebird~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-locale-extras\", rpm:\"x86_64/mono-locale-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-web\", rpm:\"x86_64/mono-web~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/mono-debuginfo\", rpm:\"x86_64/debug/mono-debuginfo~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/ibm-data-db2\", rpm:\"x86_64/ibm-data-db2~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/bytefx-data-mysql\", rpm:\"x86_64/bytefx-data-mysql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-core\", rpm:\"x86_64/mono-core~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-jscript\", rpm:\"x86_64/mono-jscript~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-devel\", rpm:\"x86_64/mono-devel~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-sqlite\", rpm:\"x86_64/mono-data-sqlite~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-oracle\", rpm:\"x86_64/mono-data-oracle~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-basic\", rpm:\"x86_64/mono-basic~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-extras\", rpm:\"x86_64/mono-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-sybase\", rpm:\"x86_64/mono-data-sybase~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-nunit\", rpm:\"x86_64/mono-nunit~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data\", rpm:\"x86_64/mono-data~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-postgresql\", rpm:\"x86_64/mono-data-postgresql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-firebird\", rpm:\"i386/mono-data-firebird~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-nunit\", rpm:\"i386/mono-nunit~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-basic\", rpm:\"i386/mono-basic~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-jscript\", rpm:\"i386/mono-jscript~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data\", rpm:\"i386/mono-data~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-oracle\", rpm:\"i386/mono-data-oracle~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-devel\", rpm:\"i386/mono-devel~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-postgresql\", rpm:\"i386/mono-data-postgresql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bytefx-data-mysql\", rpm:\"i386/bytefx-data-mysql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-locale-extras\", rpm:\"i386/mono-locale-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/ibm-data-db2\", rpm:\"i386/ibm-data-db2~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-core\", rpm:\"i386/mono-core~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-sybase\", rpm:\"i386/mono-data-sybase~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/mono-debuginfo\", rpm:\"i386/debug/mono-debuginfo~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-web\", rpm:\"i386/mono-web~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-extras\", rpm:\"i386/mono-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-winforms\", rpm:\"i386/mono-winforms~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-sqlite\", rpm:\"i386/mono-data-sqlite~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "type": "openvas", "history": [], "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2006-5072", "CVE-2006-6104"], "lastseen": "2017-07-02T21:14:20", "pluginID": "861463"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2006-5072", "CVE-2006-6104"], "lastseen": "2017-07-25T10:57:15", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono FEDORA-2007-068\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono on Fedora Core 5\";\ntag_insight = \"The Mono runtime implements a JIT engine for the ECMA CLI\n virtual machine (as well as a byte code interpreter, the\n class loader, the garbage collector, threading system and\n metadata access libraries.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00069.html\");\n script_id(861463);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-068\");\n script_cve_id(\"CVE-2006-6104\", \"CVE-2006-5072\");\n script_name( \"Fedora Update for mono FEDORA-2007-068\");\n\n script_summary(\"Check for the Version of mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono\", rpm:\"mono~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-winforms\", rpm:\"x86_64/mono-winforms~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-firebird\", rpm:\"x86_64/mono-data-firebird~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-locale-extras\", rpm:\"x86_64/mono-locale-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-web\", rpm:\"x86_64/mono-web~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/mono-debuginfo\", rpm:\"x86_64/debug/mono-debuginfo~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/ibm-data-db2\", rpm:\"x86_64/ibm-data-db2~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/bytefx-data-mysql\", rpm:\"x86_64/bytefx-data-mysql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-core\", rpm:\"x86_64/mono-core~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-jscript\", rpm:\"x86_64/mono-jscript~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-devel\", rpm:\"x86_64/mono-devel~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-sqlite\", rpm:\"x86_64/mono-data-sqlite~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-oracle\", rpm:\"x86_64/mono-data-oracle~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-basic\", rpm:\"x86_64/mono-basic~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-extras\", rpm:\"x86_64/mono-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-sybase\", rpm:\"x86_64/mono-data-sybase~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-nunit\", rpm:\"x86_64/mono-nunit~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data\", rpm:\"x86_64/mono-data~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-postgresql\", rpm:\"x86_64/mono-data-postgresql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-firebird\", rpm:\"i386/mono-data-firebird~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-nunit\", rpm:\"i386/mono-nunit~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-basic\", rpm:\"i386/mono-basic~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-jscript\", rpm:\"i386/mono-jscript~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data\", rpm:\"i386/mono-data~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-oracle\", rpm:\"i386/mono-data-oracle~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-devel\", rpm:\"i386/mono-devel~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-postgresql\", rpm:\"i386/mono-data-postgresql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bytefx-data-mysql\", rpm:\"i386/bytefx-data-mysql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-locale-extras\", rpm:\"i386/mono-locale-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/ibm-data-db2\", rpm:\"i386/ibm-data-db2~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-core\", rpm:\"i386/mono-core~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-sybase\", rpm:\"i386/mono-data-sybase~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/mono-debuginfo\", rpm:\"i386/debug/mono-debuginfo~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-web\", rpm:\"i386/mono-web~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-extras\", rpm:\"i386/mono-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-winforms\", rpm:\"i386/mono-winforms~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-sqlite\", rpm:\"i386/mono-data-sqlite~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "pluginID": "861463"}

{"result": {"cve": [{"id": "CVE-2006-5072", "type": "cve", "title": "CVE-2006-5072", "description": "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.", "published": "2006-10-10T00:06:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5072", "cvelist": ["CVE-2006-5072"], "lastseen": "2017-07-20T10:49:34"}, {"id": "CVE-2006-6104", "type": "cve", "title": "CVE-2006-6104", "description": "The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.", "published": "2006-12-21T14:28:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6104", "cvelist": ["CVE-2006-6104"], "lastseen": "2017-10-11T11:06:52"}], "nessus": [{"id": "MANDRAKE_MDKSA-2006-188.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : mono (MDKSA-2006:188)", "description": "Sebastian Krahmer of the SUSE security team found that the System.CodeDom.Compiler classes in mono used temporary files in an insecure way that could allow a symbolic link attack to overwrite arbitrary files with the privileges of the user running a program that made use of those classes.\n\nUpdated packages have been patched to correct this issue.", "published": "2007-02-18T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24573", "cvelist": ["CVE-2006-5072"], "lastseen": "2017-10-29T13:33:50"}, {"id": "GENTOO_GLSA-200611-23.NASL", "type": "nessus", "title": "GLSA-200611-23 : Mono: Insecure temporary file creation", "description": "The remote host is affected by the vulnerability described in GLSA-200611-23 (Mono: Insecure temporary file creation)\n\n Sebastian Krahmer of the SuSE Security Team discovered that the System.CodeDom.Compiler classes of Mono create temporary files with insecure permissions.\n Impact :\n\n A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected class is called, this could result in the file being overwritten with the rights of the user running the script.\n Workaround :\n\n There is no known workaround at this time.", "published": "2006-11-30T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23745", "cvelist": ["CVE-2006-5072"], "lastseen": "2017-10-29T13:42:45"}, {"id": "UBUNTU_USN-357-1.NASL", "type": "nessus", "title": "Ubuntu 5.10 / 6.06 LTS : mono vulnerability (USN-357-1)", "description": "Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.\nUnder some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-10T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27937", "cvelist": ["CVE-2006-5072"], "lastseen": "2017-10-29T13:38:33"}, {"id": "FREEBSD_PKG_5A39A22E547811DB8F1A000A48049292.NASL", "type": "nessus", "title": "FreeBSD : mono -- 'System.CodeDom.Compiler' Insecure Temporary Creation (5a39a22e-5478-11db-8f1a-000a48049292)", "description": "Sebastian Krahmer reports :\n\nSebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.\nUnder some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.", "published": "2006-10-10T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22516", "cvelist": ["CVE-2006-5072"], "lastseen": "2017-10-29T13:35:17"}, {"id": "FEDORA_2007-068.NASL", "type": "nessus", "title": "Fedora Core 5 : mono-1.1.13.7-3.fc5.1 (2007-068)", "description": "A security problem was found and fixed in mono class libraries that affects the Mono web server implementation.\n\nBy appending spaces to URLs attackers could download the source code of ASP.net scripts that would normally get executed by the web server.\n\nAfter upgrading the packages you need to restart any running mono web server.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-01-17T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24198", "cvelist": ["CVE-2006-5072", "CVE-2006-6104"], "lastseen": "2017-10-29T13:42:58"}, {"id": "UBUNTU_USN-397-1.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 : mono vulnerability (USN-397-1)", "description": "Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27983", "cvelist": ["CVE-2006-6104"], "lastseen": "2017-10-29T13:42:10"}, {"id": "MANDRAKE_MDKSA-2006-234.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : mono (MDKSA-2006:234)", "description": "XSP (the Mono ASP.NET server) is vulnerable to source disclosure attack which allow a malicious user to obtain the source code of the server-side application. This vulnerability grants the attacker deeper knowledge of the Web application logic.\n\nUpdated packages have been patched to correct this issue.", "published": "2007-02-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24617", "cvelist": ["CVE-2006-6104"], "lastseen": "2017-10-29T13:38:54"}, {"id": "MONO_XSP_SOURCE_DISCLOSURE.NASL", "type": "nessus", "title": "Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure", "description": "The remote host is running Mono XSP, a lightweight web server for hosting ASP.NET applications. \n\nThe version of Mono XSP installed on the remote Windows host fails to properly validate filename extensions in URLs. A remote attacker may be able to leverage this issue to disclose the source of scripts hosted by the affected application using specially crafted requests with URL-encoded space characters.", "published": "2006-12-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=23934", "cvelist": ["CVE-2006-6104"], "lastseen": "2018-06-14T11:35:52"}, {"id": "GENTOO_GLSA-200701-12.NASL", "type": "nessus", "title": "GLSA-200701-12 : Mono: Information disclosure", "description": "The remote host is affected by the vulnerability described in GLSA-200701-12 (Mono: Information disclosure)\n\n Jose Ramon Palanco has discovered that the System.Web class in the XSP for the ASP.NET server 1.1 through 2.0 in Mono does not properly validate or sanitize local pathnames which could allow server-side file content disclosure.\n Impact :\n\n An attacker could append a space character to a URI and obtain unauthorized access to the source code of server-side files. An attacker could also read credentials by requesting Web.Config%20 from a Mono server.\n Workaround :\n\n There is no known workaround at this time.", "published": "2007-01-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24210", "cvelist": ["CVE-2006-6104"], "lastseen": "2017-10-29T13:44:03"}, {"id": "FEDORA_2007-067.NASL", "type": "nessus", "title": "Fedora Core 6 : mono-1.1.17.1-4.fc6 (2007-067)", "description": "A security problem was found and fixed in mono class libraries that affects the Mono web server implementation.\n\nBy appending spaces to URLs attackers could download the source code of ASP.net scripts that would normally get executed by the web server.\n\nAfter upgrading the packages you need to restart any running mono web server.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-01-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24197", "cvelist": ["CVE-2006-6104"], "lastseen": "2017-10-29T13:43:26"}], "osvdb": [{"id": "OSVDB:29504", "type": "osvdb", "title": "Novell Mono System.CodeDom.Compiler Symlink Arbitrary File Overwrite", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Dec/0001.html)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:188)\n[Secunia Advisory ID:22614](https://secuniaresearch.flexerasoftware.com/advisories/22614/)\n[Secunia Advisory ID:23154](https://secuniaresearch.flexerasoftware.com/advisories/23154/)\n[Secunia Advisory ID:22277](https://secuniaresearch.flexerasoftware.com/advisories/22277/)\n[Secunia Advisory ID:23213](https://secuniaresearch.flexerasoftware.com/advisories/23213/)\n[Secunia Advisory ID:23776](https://secuniaresearch.flexerasoftware.com/advisories/23776/)\n[Secunia Advisory ID:22237](https://secuniaresearch.flexerasoftware.com/advisories/22237/)\nOther Advisory URL: http://fedoranews.org/cms/node/2401\nOther Advisory URL: http://www.ubuntu.com/usn/usn-357-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200611-23.xml\nISS X-Force ID: 29353\nFrSIRT Advisory: ADV-2006-3911\n[CVE-2006-5072](https://vulners.com/cve/CVE-2006-5072)\nBugtraq ID: 20340\n", "published": "2006-10-04T04:34:34", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:29504", "cvelist": ["CVE-2006-5072"], "lastseen": "2017-04-28T13:20:26"}, {"id": "OSVDB:32392", "type": "osvdb", "title": "Mono XSP for ASP.NET Server System.Web Class Web.Config Credential Disclosure", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:23435](https://secuniaresearch.flexerasoftware.com/advisories/23435/)\n[Secunia Advisory ID:23727](https://secuniaresearch.flexerasoftware.com/advisories/23727/)\n[Secunia Advisory ID:23776](https://secuniaresearch.flexerasoftware.com/advisories/23776/)\n[Secunia Advisory ID:23779](https://secuniaresearch.flexerasoftware.com/advisories/23779/)\n[Secunia Advisory ID:23432](https://secuniaresearch.flexerasoftware.com/advisories/23432/)\n[Secunia Advisory ID:23462](https://secuniaresearch.flexerasoftware.com/advisories/23462/)\n[Secunia Advisory ID:23597](https://secuniaresearch.flexerasoftware.com/advisories/23597/)\n[Related OSVDB ID: 32391](https://vulners.com/osvdb/OSVDB:32391)\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-397-1\nOther Advisory URL: http://fedoranews.org/cms/node/2401\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200701-12.xml\nOther Advisory URL: http://eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html\nOther Advisory URL: http://fedoranews.org/cms/node/2400\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:234\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0327.html\n[CVE-2006-6104](https://vulners.com/cve/CVE-2006-6104)\nBugtraq ID: 21687\n", "published": "2006-12-20T06:33:52", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:32392", "cvelist": ["CVE-2006-6104"], "lastseen": "2017-04-28T13:20:28"}, {"id": "OSVDB:32391", "type": "osvdb", "title": "Mono XSP for ASP.NET Server System.Web Class Source Code Disclosure", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:23435](https://secuniaresearch.flexerasoftware.com/advisories/23435/)\n[Secunia Advisory ID:23776](https://secuniaresearch.flexerasoftware.com/advisories/23776/)\n[Secunia Advisory ID:23727](https://secuniaresearch.flexerasoftware.com/advisories/23727/)\n[Secunia Advisory ID:23779](https://secuniaresearch.flexerasoftware.com/advisories/23779/)\n[Secunia Advisory ID:23432](https://secuniaresearch.flexerasoftware.com/advisories/23432/)\n[Secunia Advisory ID:23462](https://secuniaresearch.flexerasoftware.com/advisories/23462/)\n[Secunia Advisory ID:23597](https://secuniaresearch.flexerasoftware.com/advisories/23597/)\n[Related OSVDB ID: 32392](https://vulners.com/osvdb/OSVDB:32392)\nOther Advisory URL: http://www.ubuntu.com/usn/usn-397-1\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html\nOther Advisory URL: http://fedoranews.org/cms/node/2401\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200701-12.xml\nOther Advisory URL: http://eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:234\nOther Advisory URL: http://fedoranews.org/cms/node/2400\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0327.html\n[CVE-2006-6104](https://vulners.com/cve/CVE-2006-6104)\nBugtraq ID: 21687\n", "published": "2006-12-20T06:33:52", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:32391", "cvelist": ["CVE-2006-6104"], "lastseen": "2017-04-28T13:20:28"}], "openvas": [{"id": "OPENVAS:57461", "type": "openvas", "title": "FreeBSD Ports: mono", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57461", "cvelist": ["CVE-2006-5072"], "lastseen": "2017-07-02T21:10:22"}, {"id": "OPENVAS:57936", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200611-23 (mono)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200611-23.", "published": "2008-09-24T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57936", "cvelist": ["CVE-2006-5072"], "lastseen": "2017-07-24T12:49:44"}, {"id": "OPENVAS:850112", "type": "openvas", "title": "SuSE Update for mono-web SUSE-SA:2007:002", "description": "Check for the Version of mono-web", "published": "2009-01-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850112", "cvelist": ["CVE-2006-6104"], "lastseen": "2017-12-12T11:20:55"}, {"id": "OPENVAS:861467", "type": "openvas", "title": "Fedora Update for mono FEDORA-2007-067", "description": "Check for the Version of mono", "published": "2009-02-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861467", "cvelist": ["CVE-2006-6104"], "lastseen": "2017-07-25T10:56:01"}, {"id": "OPENVAS:57972", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200701-12 (mono)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200701-12.", "published": "2008-09-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57972", "cvelist": ["CVE-2006-6104"], "lastseen": "2017-07-24T12:49:49"}], "gentoo": [{"id": "GLSA-200611-23", "type": "gentoo", "title": "Mono: Insecure temporary file creation", "description": "### Background\n\nMono provides the necessary software to develop and run .NET client and server applications. \n\n### Description\n\nSebastian Krahmer of the SuSE Security Team discovered that the System.CodeDom.Compiler classes of Mono create temporary files with insecure permissions. \n\n### Impact\n\nA local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected class is called, this could result in the file being overwritten with the rights of the user running the script. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Mono users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/mono-1.1.13.8.1\"", "published": "2006-11-28T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200611-23", "cvelist": ["CVE-2006-5072"], "lastseen": "2016-09-06T19:46:40"}, {"id": "GLSA-200701-12", "type": "gentoo", "title": "Mono: Information disclosure", "description": "### Background\n\nMono provides the necessary software to develop and run .NET client and server applications on various platforms. \n\n### Description\n\nJose Ramon Palanco has discovered that the System.Web class in the XSP for the ASP.NET server 1.1 through 2.0 in Mono does not properly validate or sanitize local pathnames which could allow server-side file content disclosure. \n\n### Impact\n\nAn attacker could append a space character to a URI and obtain unauthorized access to the source code of server-side files. An attacker could also read credentials by requesting Web.Config%20 from a Mono server. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Mono users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/mono-1.2.2.1\"", "published": "2007-01-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://security.gentoo.org/glsa/200701-12", "cvelist": ["CVE-2006-6104"], "lastseen": "2016-09-06T19:46:27"}], "ubuntu": [{"id": "USN-357-1", "type": "ubuntu", "title": "Mono vulnerability", "description": "Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.", "published": "2006-10-05T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/357-1/", "cvelist": ["CVE-2006-5072"], "lastseen": "2018-03-29T18:21:05"}, {"id": "USN-397-1", "type": "ubuntu", "title": "mono vulnerability", "description": "Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application\u2019s source.", "published": "2006-12-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/397-1/", "cvelist": ["CVE-2006-6104"], "lastseen": "2018-03-29T18:21:34"}], "freebsd": [{"id": "5A39A22E-5478-11DB-8F1A-000A48049292", "type": "freebsd", "title": "mono -- \"System.CodeDom.Compiler\" Insecure Temporary Creation", "description": "\nSebastian Krahmer reports:\n\nSebastian Krahmer of the SuSE security team discovered\n\t that the System.CodeDom.Compiler classes used temporary\n\t files in an insecure way. This could allow a symbolic link\n\t attack to create or overwrite arbitrary files with the\n\t privileges of the user invoking the program. Under some\n\t circumstances, a local attacker could also exploit this to\n\t inject arbitrary code into running Mono processes.\n\n", "published": "2006-10-04T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/5a39a22e-5478-11db-8f1a-000a48049292.html", "cvelist": ["CVE-2006-5072"], "lastseen": "2016-09-26T17:25:05"}], "suse": [{"id": "SUSE-SA:2006:073", "type": "suse", "title": "local privilege escalation in mono-core", "description": "Sebastian Krahmer of SUSE Security found that the Mono System.Xml.Serialization class contained a /tmp race which potentially allows local attackers to execute code as the user using the Serialization method.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2006-12-01T17:34:31", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2006-12/msg00010.html", "cvelist": ["CVE-2006-4800", "CVE-2006-6297", "CVE-2006-5072", "CVE-2006-5973", "CVE-2006-4799"], "lastseen": "2016-09-04T11:50:21"}, {"id": "SUSE-SA:2007:002", "type": "suse", "title": "remote source code disclosure in mono-web", "description": "A security problem was found and fixed in the Mono / C# web server implementation.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-01-04T18:49:55", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-01/msg00017.html", "cvelist": ["CVE-2006-6104"], "lastseen": "2016-09-04T12:38:49"}], "exploitdb": [{"id": "EDB-ID:29302", "type": "exploitdb", "title": "Mono XSP 1.x/2.0 Source Code Information Disclosure Vulnerability", "description": "Mono XSP 1.x/2.0 Source Code Information Disclosure Vulnerability. CVE-2006-6104. Remote exploit for linux platform", "published": "2006-12-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/29302/", "cvelist": ["CVE-2006-6104"], "lastseen": "2016-02-03T10:00:28"}]}}