ID OPENVAS:861463 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2017-07-10T00:00:00
Description
Check for the Version of mono
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for mono FEDORA-2007-068
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Shared helper library loaded before the metadata strings are defined.
# NOTE(review): which helpers it provides is not visible in this script.
include("revisions-lib.inc");
# Free-text values for the "affected", "insight" and "solution" tags that the
# description block registers with script_tag().
tag_affected = "mono on Fedora Core 5";
# NOTE(review): this text describes the Mono runtime itself, not the flaws being
# checked; the only vulnerability identifiers in the script are the two CVE ids
# passed to script_cve_id(). The opening parenthesis in the text is never closed;
# the string is kept exactly as given.
tag_insight = "The Mono runtime implements a JIT engine for the ECMA CLI
virtual machine (as well as a byte code interpreter, the
class loader, the garbage collector, threading system and
metadata access libraries.";
tag_solution = "Please Install the Updated Packages.";
# Metadata registration. When `description` is set the script only declares its
# identity, references and requirements, then leaves via exit(0) without running
# any package check.
if(description)
{
# Vendor advisory this check was generated from.
script_xref(name : "URL" , value : "https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00069.html");
script_id(861463);
script_version("$Revision: 6622 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $");
script_tag(name:"creation_date", value:"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)");
# One score/vector pair covers both CVEs listed below, and the vector is a
# local one (AV:L). NOTE(review): the NVD data quoted alongside this script
# rates CVE-2006-5072 as AV:L/AC:H/Au:N/C:C/I:C/A:C (6.2) and CVE-2006-6104 as
# AV:N/AC:L/Au:N/C:P/I:N/A:N (5.0), so triage by access vector should not
# treat the finding as local-only.
script_tag(name:"cvss_base", value:"6.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:N/C:C/I:C/A:C");
script_xref(name: "FEDORA", value: "2007-068");
script_cve_id("CVE-2006-6104", "CVE-2006-5072");
script_name( "Fedora Update for mono FEDORA-2007-068");
script_summary("Check for the Version of mono");
# Registered in the information-gathering category.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# Declares gather-package-list.nasl as a dependency and two knowledge-base keys
# as mandatory. NOTE(review): presumably those keys are filled from an
# authenticated SSH login by that dependency, so the check yields nothing on
# hosts scanned without credentials - confirm against the dependency.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora_core", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
# NOTE(review): "package" suggests the result rests on installed package
# versions only, not on probing the running software - confirm.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# Metadata pass ends here; nothing below runs in this mode.
exit(0);
}
include("pkg-lib-rpm.inc");

# Release identifier read from the knowledge base.
release = get_kb_item("ssh/login/release");
res = "";

# No release identifier recorded: leave without reporting anything.
if (release == NULL)
  exit(0);

# Only Fedora Core 5 is evaluated; any other release value falls through to
# the end of the script with no result.
if (release == "FC5")
{
  # Version-release suffix passed to isrpmvuln() for every package entry.
  fc5_fixed_suffix = "~1.1.13.7~3.fc5.1";

  # Package identifiers in the order they are checked. The order matters:
  # the first entry for which isrpmvuln() returns a result is reported and the
  # script stops, so a report names at most one package.
  # NOTE(review): all entries except "mono" carry an "x86_64/" or "i386/" path
  # prefix (and "debug/" for debuginfo). Presumably isrpmvuln() compares the
  # name against installed RPM names; if so these prefixed entries may never
  # match and the check could miss affected hosts - verify against
  # pkg-lib-rpm.inc.
  fc5_pkgs = make_list(
    "mono",
    "x86_64/mono-winforms",
    "x86_64/mono-data-firebird",
    "x86_64/mono-locale-extras",
    "x86_64/mono-web",
    "x86_64/debug/mono-debuginfo",
    "x86_64/ibm-data-db2",
    "x86_64/bytefx-data-mysql",
    "x86_64/mono-core",
    "x86_64/mono-jscript",
    "x86_64/mono-devel",
    "x86_64/mono-data-sqlite",
    "x86_64/mono-data-oracle",
    "x86_64/mono-basic",
    "x86_64/mono-extras",
    "x86_64/mono-data-sybase",
    "x86_64/mono-nunit",
    "x86_64/mono-data",
    "x86_64/mono-data-postgresql",
    "i386/mono-data-firebird",
    "i386/mono-nunit",
    "i386/mono-basic",
    "i386/mono-jscript",
    "i386/mono-data",
    "i386/mono-data-oracle",
    "i386/mono-devel",
    "i386/mono-data-postgresql",
    "i386/bytefx-data-mysql",
    "i386/mono-locale-extras",
    "i386/ibm-data-db2",
    "i386/mono-core",
    "i386/mono-data-sybase",
    "i386/debug/mono-debuginfo",
    "i386/mono-web",
    "i386/mono-extras",
    "i386/mono-winforms",
    "i386/mono-data-sqlite"
  );

  foreach fc5_pkg (fc5_pkgs)
  {
    res = isrpmvuln(pkg:fc5_pkg, rpm:fc5_pkg + fc5_fixed_suffix, rls:"FC5");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is not assigned in this script; presumably the package library
  # sets it when a listed package was found installed.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
{"id": "OPENVAS:861463", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for mono FEDORA-2007-068", "description": "Check for the Version of mono", "published": "2009-02-27T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861463", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2007-068", "https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00069.html"], "cvelist": ["CVE-2006-5072", "CVE-2006-6104"], "lastseen": "2017-07-25T10:57:15", "viewCount": 1, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-07-25T10:57:15", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-5072", "CVE-2006-6104"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_5A39A22E547811DB8F1A000A48049292.NASL", "FEDORA_2007-068.NASL", "MONO_XSP_SOURCE_DISCLOSURE.NASL", "MANDRAKE_MDKSA-2006-234.NASL", "GENTOO_GLSA-200611-23.NASL", "FEDORA_2007-067.NASL", "UBUNTU_USN-397-1.NASL", "FEDORA_2006-1012.NASL", "GENTOO_GLSA-200701-12.NASL", "SUSE_SA_2006_073.NASL"]}, {"type": "suse", "idList": ["SUSE-SA:2007:002", "SUSE-SA:2006:073"]}, {"type": "exploitdb", "idList": ["EDB-ID:29302"]}, {"type": "osvdb", "idList": ["OSVDB:32391", "OSVDB:29504", "OSVDB:32392"]}, {"type": "openvas", "idList": ["OPENVAS:57936", "OPENVAS:57461", "OPENVAS:850112", "OPENVAS:57972", "OPENVAS:861467"]}, {"type": "gentoo", "idList": ["GLSA-200611-23", "GLSA-200701-12"]}, {"type": "ubuntu", "idList": ["USN-357-1", "USN-397-1"]}, {"type": "freebsd", "idList": ["5A39A22E-5478-11DB-8F1A-000A48049292"]}], "modified": "2017-07-25T10:57:15", "rev": 2}, "vulnersScore": 6.8}, "pluginID": "861463", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono FEDORA-2007-068\n#\n# Authors:\n# 
System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono on Fedora Core 5\";\ntag_insight = \"The Mono runtime implements a JIT engine for the ECMA CLI\n virtual machine (as well as a byte code interpreter, the\n class loader, the garbage collector, threading system and\n metadata access libraries.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00069.html\");\n script_id(861463);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-068\");\n script_cve_id(\"CVE-2006-6104\", \"CVE-2006-5072\");\n script_name( \"Fedora Update for mono FEDORA-2007-068\");\n\n script_summary(\"Check for the Version of mono\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono\", rpm:\"mono~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-winforms\", rpm:\"x86_64/mono-winforms~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-firebird\", rpm:\"x86_64/mono-data-firebird~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-locale-extras\", rpm:\"x86_64/mono-locale-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-web\", rpm:\"x86_64/mono-web~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/mono-debuginfo\", rpm:\"x86_64/debug/mono-debuginfo~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/ibm-data-db2\", rpm:\"x86_64/ibm-data-db2~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"x86_64/bytefx-data-mysql\", rpm:\"x86_64/bytefx-data-mysql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-core\", rpm:\"x86_64/mono-core~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-jscript\", rpm:\"x86_64/mono-jscript~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-devel\", rpm:\"x86_64/mono-devel~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-sqlite\", rpm:\"x86_64/mono-data-sqlite~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-oracle\", rpm:\"x86_64/mono-data-oracle~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-basic\", rpm:\"x86_64/mono-basic~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-extras\", rpm:\"x86_64/mono-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-sybase\", rpm:\"x86_64/mono-data-sybase~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-nunit\", rpm:\"x86_64/mono-nunit~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data\", rpm:\"x86_64/mono-data~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-postgresql\", 
rpm:\"x86_64/mono-data-postgresql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-firebird\", rpm:\"i386/mono-data-firebird~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-nunit\", rpm:\"i386/mono-nunit~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-basic\", rpm:\"i386/mono-basic~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-jscript\", rpm:\"i386/mono-jscript~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data\", rpm:\"i386/mono-data~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-oracle\", rpm:\"i386/mono-data-oracle~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-devel\", rpm:\"i386/mono-devel~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-postgresql\", rpm:\"i386/mono-data-postgresql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bytefx-data-mysql\", rpm:\"i386/bytefx-data-mysql~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-locale-extras\", rpm:\"i386/mono-locale-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/ibm-data-db2\", rpm:\"i386/ibm-data-db2~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-core\", rpm:\"i386/mono-core~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-sybase\", rpm:\"i386/mono-data-sybase~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/mono-debuginfo\", rpm:\"i386/debug/mono-debuginfo~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-web\", rpm:\"i386/mono-web~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-extras\", rpm:\"i386/mono-extras~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-winforms\", rpm:\"i386/mono-winforms~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-sqlite\", rpm:\"i386/mono-data-sqlite~1.1.13.7~3.fc5.1\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:27:25", "description": "The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.", "edition": 4, "cvss3": {}, "published": "2006-12-21T19:28:00", "title": "CVE-2006-6104", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6104"], "modified": "2018-10-17T21:46:00", "cpe": ["cpe:/a:mono:xsp:1.1", "cpe:/a:mono:xsp:2.0", "cpe:/a:mono:xsp:1.2.1"], "id": "CVE-2006-6104", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6104", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mono:xsp:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mono:xsp:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mono:xsp:1.2.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:24", "description": "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.", "edition": 4, "cvss3": {}, "published": "2006-10-10T04:06:00", "title": "CVE-2006-5072", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-5072"], "modified": "2017-07-20T01:33:00", "cpe": ["cpe:/a:mono:mono:2.0", "cpe:/a:mono:mono:1.0"], "id": "CVE-2006-5072", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5072", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5072", "CVE-2006-6104"], "description": "The Mono runtime implements a JIT engine for the ECMA CLI virtual machine (as well as a byte code interpreter, the class loader, the garbage collector, threading system and metadata access libraries. ", "modified": "2007-01-12T19:43:55", "published": "2007-01-12T19:43:55", "id": "FEDORA:L0CJHTTS023964", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: mono-1.1.13.7-3.fc5.1", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6104"], "description": "The Mono runtime implements a JIT engine for the ECMA CLI virtual machine (as well as a byte code interpreter, the class loader, the garbage collector, threading system and metadata access libraries. 
", "modified": "2007-01-12T19:43:05", "published": "2007-01-12T19:43:05", "id": "FEDORA:L0CJH5TH023701", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: mono-1.1.17.1-4.fc6", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-12T10:06:02", "description": "A security problem was found and fixed in mono class libraries that\naffects the Mono web server implementation.\n\nBy appending spaces to URLs attackers could download the source code\nof ASP.net scripts that would normally get executed by the web server.\n\nAfter upgrading the packages you need to restart any running mono web\nserver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-01-17T00:00:00", "title": "Fedora Core 5 : mono-1.1.13.7-3.fc5.1 (2007-068)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5072", "CVE-2006-6104"], "modified": "2007-01-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mono-devel", "p-cpe:/a:fedoraproject:fedora:mono-data-oracle", "p-cpe:/a:fedoraproject:fedora:mono-debuginfo", "p-cpe:/a:fedoraproject:fedora:mono-basic", "p-cpe:/a:fedoraproject:fedora:mono-data-sybase", "p-cpe:/a:fedoraproject:fedora:mono-web", "p-cpe:/a:fedoraproject:fedora:ibm-data-db2", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:mono-data", "p-cpe:/a:fedoraproject:fedora:mono-data-firebird", "p-cpe:/a:fedoraproject:fedora:bytefx-data-mysql", "p-cpe:/a:fedoraproject:fedora:mono-nunit", "p-cpe:/a:fedoraproject:fedora:mono-jscript", "p-cpe:/a:fedoraproject:fedora:mono-extras", "p-cpe:/a:fedoraproject:fedora:mono-data-postgresql", "p-cpe:/a:fedoraproject:fedora:mono-data-sqlite", "p-cpe:/a:fedoraproject:fedora:mono-winforms", 
"p-cpe:/a:fedoraproject:fedora:mono-locale-extras", "p-cpe:/a:fedoraproject:fedora:mono-core"], "id": "FEDORA_2007-068.NASL", "href": "https://www.tenable.com/plugins/nessus/24198", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-068.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24198);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-5072\", \"CVE-2006-6104\");\n script_xref(name:\"FEDORA\", value:\"2007-068\");\n\n script_name(english:\"Fedora Core 5 : mono-1.1.13.7-3.fc5.1 (2007-068)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security problem was found and fixed in mono class libraries that\naffects the Mono web server implementation.\n\nBy appending spaces to URLs attackers could download the source code\nof ASP.net scripts that would normally get executed by the web server.\n\nAfter upgrading the packages you need to restart any running mono web\nserver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-January/001244.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b5bc1c1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-basic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"bytefx-data-mysql-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"ibm-data-db2-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-basic-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-core-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-data-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-data-firebird-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-data-oracle-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-data-postgresql-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-data-sqlite-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-data-sybase-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-debuginfo-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-devel-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-extras-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-jscript-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-locale-extras-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-nunit-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-web-1.1.13.7-3.fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mono-winforms-1.1.13.7-3.fc5.1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bytefx-data-mysql / ibm-data-db2 / mono-basic / mono-core / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:38:08", "description": "Jose Ramon Palanco discovered that the mono System.Web class did not\nconsistently verify local file paths. As a result, the source code for\nmono web applications could be retrieved remotely, possibly leading to\nfurther compromise via the application's source.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 : mono vulnerability (USN-397-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6104"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libmono-data-tds2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-utils", "p-cpe:/a:canonical:ubuntu_linux:mono-common", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-web2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-sqlite2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-cairo2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-cscompmgd8.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-winforms2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-sharpzip2.84-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-classlib-1.0", "p-cpe:/a:canonical:ubuntu_linux:libmono-sqlite1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-ldap2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-system1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-accessibility1.0-cil", 
"cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:libmono-bytefx0.7.6.2-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-cairo1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-oracle2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-mjs", "p-cpe:/a:canonical:ubuntu_linux:libmono-system2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-winforms1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-oracle1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-classlib-1.0-dbg", "p-cpe:/a:canonical:ubuntu_linux:mono-runtime", "p-cpe:/a:canonical:ubuntu_linux:libmono-corlib2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-gac", "p-cpe:/a:canonical:ubuntu_linux:mono-mcs", "p-cpe:/a:canonical:ubuntu_linux:libmono-data-tds1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-accessibility2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-gmcs", "p-cpe:/a:canonical:ubuntu_linux:libmono-security1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-data1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-sharpzip0.6-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-peapi2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono0", "p-cpe:/a:canonical:ubuntu_linux:libmono-ldap2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-bytefx0.7.6.1-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-corlib1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-devel", "p-cpe:/a:canonical:ubuntu_linux:libmono2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-jay", "p-cpe:/a:canonical:ubuntu_linux:libmono-microsoft-build2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-messaging2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-classlib-2.0", "p-cpe:/a:canonical:ubuntu_linux:libmono-relaxng1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-data2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-peapi1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-c5-1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-npgsql2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-firebirdsql1.7-cil", 
"p-cpe:/a:canonical:ubuntu_linux:libmono-microsoft8.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-ldap1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-runtime2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-assemblies-base", "p-cpe:/a:canonical:ubuntu_linux:libmono-security2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-web1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-microsoft7.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono-jit", "p-cpe:/a:canonical:ubuntu_linux:mono-classlib-2.0-dbg", "p-cpe:/a:canonical:ubuntu_linux:libmono-sharpzip0.84-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-cscompmgd7.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-messaging1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-ldap1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:mono", "p-cpe:/a:canonical:ubuntu_linux:libmono-sharpzip2.6-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-dev", "p-cpe:/a:canonical:ubuntu_linux:libmono-npgsql1.0-cil", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libmono1.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-relaxng2.0-cil", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-runtime1.0-cil"], "id": "UBUNTU_USN-397-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-397-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27983);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-6104\");\n script_bugtraq_id(21687);\n script_xref(name:\"USN\", value:\"397-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 : mono vulnerability (USN-397-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jose Ramon Palanco discovered that the mono System.Web class did not\nconsistently verify local file paths. As a result, the source code for\nmono web applications could be retrieved remotely, possibly leading to\nfurther compromise via the application's source.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/397-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-accessibility1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-accessibility2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-bytefx0.7.6.1-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-bytefx0.7.6.2-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-c5-1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-cairo1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-cairo2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-corlib1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-corlib2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-cscompmgd7.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-cscompmgd8.0-cil\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-data-tds1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-data-tds2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-firebirdsql1.7-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-ldap1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-ldap2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-microsoft-build2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-microsoft7.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-microsoft8.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-npgsql1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-npgsql2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-oracle1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-oracle2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-peapi1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-peapi2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-relaxng1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-relaxng2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-security1.0-cil\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-security2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-sharpzip0.6-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-sharpzip0.84-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-sharpzip2.6-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-sharpzip2.84-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-sqlite1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-sqlite2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-data1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-data2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-ldap1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-ldap2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-messaging1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-messaging2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-runtime1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-runtime2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system1.0-cil\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-winforms1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-winforms2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-assemblies-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-classlib-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-classlib-1.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-classlib-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-classlib-2.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-gac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-gmcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-jay\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-jit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-mcs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:mono-mjs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libmono-dev\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libmono0\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-assemblies-base\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-classlib-1.0\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-classlib-1.0-dbg\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-classlib-2.0\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-classlib-2.0-dbg\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-common\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-devel\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-gac\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-gmcs\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-jay\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-jit\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-mcs\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-utils\", pkgver:\"1.1.13.6-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-accessibility1.0-cil\", 
pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-accessibility2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-bytefx0.7.6.1-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-bytefx0.7.6.2-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-c5-1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-cairo1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-cairo2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-corlib1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-corlib2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-cscompmgd7.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-cscompmgd8.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-data-tds1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-data-tds2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-dev\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-firebirdsql1.7-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-ldap1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-ldap2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-microsoft-build2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", 
pkgname:\"libmono-microsoft7.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-microsoft8.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-npgsql1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-npgsql2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-oracle1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-oracle2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-peapi1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-peapi2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-relaxng1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-relaxng2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-security1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-security2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-sharpzip0.6-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-sharpzip0.84-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-sharpzip2.6-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-sharpzip2.84-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-sqlite1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-sqlite2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", 
pkgname:\"libmono-system-data1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system-data2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system-ldap1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system-ldap2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system-messaging1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system-messaging2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system-runtime1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system-runtime2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system-web1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system-web2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-system2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-winforms1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono-winforms2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono0\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono1.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmono2.0-cil\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif 
(ubuntu_check(osver:\"6.10\", pkgname:\"mono-classlib-1.0\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-classlib-2.0\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-common\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-devel\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-gac\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-gmcs\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-jay\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-jit\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-mcs\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-mjs\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-runtime\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mono-utils\", pkgver:\"1.1.17.1-1ubuntu7.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmono-accessibility1.0-cil / libmono-accessibility2.0-cil / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T12:09:13", "description": "The remote host is running Mono XSP, a lightweight web server for\nhosting ASP.NET applications. \n\nThe version of Mono XSP installed on the remote Windows host fails to\nproperly validate filename extensions in URLs. 
A remote attacker may\nbe able to leverage this issue to disclose the source of scripts\nhosted by the affected application using specially crafted requests\nwith URL-encoded space characters.", "edition": 25, "published": "2006-12-23T00:00:00", "title": "Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6104"], "modified": "2006-12-23T00:00:00", "cpe": [], "id": "MONO_XSP_SOURCE_DISCLOSURE.NASL", "href": "https://www.tenable.com/plugins/nessus/23934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23934);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2006-6104\");\n script_bugtraq_id(21687);\n\n script_name(english:\"Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure\");\n script_summary(english:\"Tries to retrieve ASPX source code using XSP\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by an information disclosure\nvulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Mono XSP, a lightweight web server for\nhosting ASP.NET applications. \n\nThe version of Mono XSP installed on the remote Windows host fails to\nproperly validate filename extensions in URLs. 
A remote attacker may\nbe able to leverage this issue to disclose the source of scripts\nhosted by the affected application using specially crafted requests\nwith URL-encoded space characters.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7eb7aad8\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/454962/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e26e3abc\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mono version 1.2.2 / 1.1.13.8.2 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/12/23\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/12/20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\", \"webmirror.nasl\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80);\n\nbanner = get_http_banner(port:port);\nif (! 
banner) exit(1, \"No web banner on port \"+port);\n\nif (\"Server: Mono.WebServer\" >!< banner) exit(0, \"Mono.webServer is not running on port \"+port);\n\n files = get_kb_list(string(\"www/\", port, \"/content/extensions/aspx\"));\n if (isnull(files)) files = make_list(\"/index.aspx\", \"/Default.aspx\");\n\n n = 0;\n foreach file (files)\n {\n w = http_send_recv3(method:\"GEt\", item:string(file, \"%20\"), port:port);\n if (isnull(w)) exit(1, \"The web server on port \"+port+\" did not answer\");\n res = w[2];\n\n if (\n \"<%@ \" >< res && \n egrep(pattern:\"<%@ +language=\", string:res, icase:TRUE)\n )\n {\n if (report_verbosity > 1)\n report = string(\n \"Here is the source that Nessus was able to retrieve : \\n\",\n \"\\n\",\n \" \", file, \" :\\n\",\n \"\\n\",\n res\n );\n else report = NULL;\n security_warning(port:port, extra:report); \n exit(0);\n }\n n++;\n if (n > 20) exit(0);\n }\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T11:51:39", "description": "XSP (the Mono ASP.NET server) is vulnerable to a source disclosure\nattack which allows a malicious user to obtain the source code of the\nserver-side application. 
This vulnerability grants the attacker deeper\nknowledge of the Web application logic.\n\nUpdated packages have been patched to correct this issue.", "edition": 25, "published": "2007-02-18T00:00:00", "title": "Mandrake Linux Security Advisory : mono (MDKSA-2006:234)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6104"], "modified": "2007-02-18T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libmono0", "p-cpe:/a:mandriva:linux:mono-data-sqlite", "p-cpe:/a:mandriva:linux:jay", "p-cpe:/a:mandriva:linux:mono", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:mono-doc", "p-cpe:/a:mandriva:linux:lib64mono0", "p-cpe:/a:mandriva:linux:libmono-runtime", "p-cpe:/a:mandriva:linux:lib64mono0-devel", "p-cpe:/a:mandriva:linux:libmono0-devel"], "id": "MANDRAKE_MDKSA-2006-234.NASL", "href": "https://www.tenable.com/plugins/nessus/24617", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:234. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24617);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-6104\");\n script_bugtraq_id(21687);\n script_xref(name:\"MDKSA\", value:\"2006:234\");\n\n script_name(english:\"Mandrake Linux Security Advisory : mono (MDKSA-2006:234)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"XSP (the Mono ASP.NET server) is vulnerable to source disclosure\nattack which allow a malicious user to obtain the source code of the\nserver-side application. This vulnerability grants the attacker deeper\nknowledge of the Web application logic.\n\nUpdated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jay\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mono0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mono0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmono-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmono0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmono0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"jay-1.1.17.1-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64mono0-1.1.17.1-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64mono0-devel-1.1.17.1-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2007.0\", reference:\"libmono-runtime-1.1.17.1-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libmono0-1.1.17.1-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libmono0-devel-1.1.17.1-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"mono-1.1.17.1-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"mono-data-sqlite-1.1.17.1-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"mono-doc-1.1.17.1-5.2mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:52:10", "description": "The remote host is affected by the vulnerability described in GLSA-200701-12\n(Mono: Information disclosure)\n\n Jose Ramon Palanco has discovered that the System.Web class in the XSP\n for the ASP.NET server 1.1 through 2.0 in Mono does not properly\n validate or sanitize local pathnames which could allow server-side file\n content disclosure.\n \nImpact :\n\n An attacker could append a space character to a URI and obtain\n unauthorized access to the source code of server-side files. 
An\n attacker could also read credentials by requesting Web.Config%20 from a\n Mono server.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-01-17T00:00:00", "title": "GLSA-200701-12 : Mono: Information disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6104"], "modified": "2007-01-17T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mono"], "id": "GENTOO_GLSA-200701-12.NASL", "href": "https://www.tenable.com/plugins/nessus/24210", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200701-12.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24210);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-6104\");\n script_bugtraq_id(21687);\n script_xref(name:\"GLSA\", value:\"200701-12\");\n\n script_name(english:\"GLSA-200701-12 : Mono: Information disclosure\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200701-12\n(Mono: Information disclosure)\n\n Jose Ramon Palanco has discovered that the System.Web class in the XSP\n for the ASP.NET server 1.1 through 2.0 in Mono does not properly\n validate or sanitize local pathnames which could allow server-side file\n content 
disclosure.\n \nImpact :\n\n An attacker could append a space character to a URI and obtain\n unauthorized access to the source code of server-side files. An\n attacker could also read credentials by requesting Web.Config%20 from a\n Mono server.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200701-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Mono users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/mono-1.2.2.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif 
(!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/mono\", unaffected:make_list(\"ge 1.2.2.1\"), vulnerable:make_list(\"lt 1.2.2.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mono\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:06:02", "description": "A security problem was found and fixed in mono class libraries that\naffects the Mono web server implementation.\n\nBy appending spaces to URLs attackers could download the source code\nof ASP.net scripts that would normally get executed by the web server.\n\nAfter upgrading the packages you need to restart any running mono web\nserver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-01-17T00:00:00", "title": "Fedora Core 6 : mono-1.1.17.1-4.fc6 (2007-067)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6104"], "modified": "2007-01-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mono-devel", "cpe:/o:fedoraproject:fedora_core:6", "p-cpe:/a:fedoraproject:fedora:mono-data-oracle", "p-cpe:/a:fedoraproject:fedora:mono-debuginfo", "p-cpe:/a:fedoraproject:fedora:mono-data-sybase", "p-cpe:/a:fedoraproject:fedora:mono-web", "p-cpe:/a:fedoraproject:fedora:ibm-data-db2", "p-cpe:/a:fedoraproject:fedora:mono-data", "p-cpe:/a:fedoraproject:fedora:mono-nunit-devel", "p-cpe:/a:fedoraproject:fedora:mono-data-firebird", "p-cpe:/a:fedoraproject:fedora:bytefx-data-mysql", "p-cpe:/a:fedoraproject:fedora:mono-nunit", "p-cpe:/a:fedoraproject:fedora:mono-jscript", "p-cpe:/a:fedoraproject:fedora:mono-extras", "p-cpe:/a:fedoraproject:fedora:mono-data-postgresql", "p-cpe:/a:fedoraproject:fedora:mono-data-sqlite", "p-cpe:/a:fedoraproject:fedora:mono-winforms", "p-cpe:/a:fedoraproject:fedora:mono-locale-extras", "p-cpe:/a:fedoraproject:fedora:mono-core"], "id": "FEDORA_2007-067.NASL", "href": "https://www.tenable.com/plugins/nessus/24197", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-067.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24197);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-6104\");\n script_xref(name:\"FEDORA\", value:\"2007-067\");\n\n script_name(english:\"Fedora Core 6 : mono-1.1.17.1-4.fc6 (2007-067)\");\n script_summary(english:\"Checks rpm output for the updated 
packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security problem was found and fixed in mono class libraries that\naffects the Mono web server implementation.\n\nBy appending spaces to URLs attackers could download the source code\nof ASP.net scripts that would normally get executed by the web server.\n\nAfter upgrading the packages you need to restart any running mono web\nserver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-January/001243.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d0bee54\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-nunit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, 
\"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"bytefx-data-mysql-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"ibm-data-db2-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-core-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-data-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-data-firebird-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-data-oracle-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-data-postgresql-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-data-sqlite-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-data-sybase-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-debuginfo-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-devel-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-extras-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-jscript-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-locale-extras-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-nunit-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-nunit-devel-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", 
reference:\"mono-web-1.1.17.1-4.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mono-winforms-1.1.17.1-4.fc6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bytefx-data-mysql / ibm-data-db2 / mono-core / mono-data / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:14:49", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:073 (mono-core).\n\n\nSebastian Krahmer of SUSE Security found that the Mono\nSystem.Xml.Serialization class contained a /tmp race which potentially\nallows local attackers to execute code as the user using the\nSerialization method.\n\nThis is tracked by the Mitre CVE ID CVE-2006-5072.\n\nPackages for all affected distributions were released on November 10th,\nand for SLE 10 on November 27th.", "edition": 6, "published": "2007-02-18T00:00:00", "title": "SUSE-SA:2006:073: mono-core", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5072"], "modified": "2007-02-18T00:00:00", "cpe": [], "id": "SUSE_SA_2006_073.NASL", "href": "https://www.tenable.com/plugins/nessus/24450", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:073\n#\n\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24450);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2006:073: mono-core\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:073 (mono-core).\n\n\nSebastian Krahmer of SUSE Security found that the Mono\nSystem.Xml.Serialization class contained a /tmp race which potentially\nallows local attackers to execute code as the user using the\nSerialization method.\n\nThis is tracked by the Mitre CVE ID CVE-2006-5072.\n\nPackages for all affected distributions were released on November 10th,\nand for SLE 10 on November 27th.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_73_mono.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"Medium\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the mono-core package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"bytefx-data-mysql-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( 
reference:\"ibm-data-db2-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-basic-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-core-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-data-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-data-oracle-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-data-postgresql-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-data-sqlite-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-data-sybase-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-devel-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-extras-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-ikvm-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-locale-extras-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-nunit-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-web-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-winforms-1.1.8.3-6.3\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"bytefx-data-mysql-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"ibm-data-db2-1.1.4-15.2\", 
release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-basic-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-core-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-data-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-data-oracle-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-data-postgresql-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-data-sqlite-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-data-sybase-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-devel-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-extras-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-ikvm-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-locale-extras-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-web-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mono-winforms-1.1.4-15.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:51:38", "description": "Sebastian Krahmer of the SUSE security team found that the\nSystem.CodeDom.Compiler classes in mono used temporary files in an\ninsecure way that could allow a symbolic link attack to overwrite\narbitrary files with the privileges of the user running a 
program that\nmade use of those classes.\n\nUpdated packages have been patched to correct this issue.", "edition": 25, "published": "2007-02-18T00:00:00", "title": "Mandrake Linux Security Advisory : mono (MDKSA-2006:188)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5072"], "modified": "2007-02-18T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libmono0", "p-cpe:/a:mandriva:linux:mono-data-sqlite", "p-cpe:/a:mandriva:linux:jay", "p-cpe:/a:mandriva:linux:mono", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:mono-doc", "p-cpe:/a:mandriva:linux:lib64mono0", "p-cpe:/a:mandriva:linux:libmono-runtime", "p-cpe:/a:mandriva:linux:lib64mono0-devel", "p-cpe:/a:mandriva:linux:libmono0-devel"], "id": "MANDRAKE_MDKSA-2006-188.NASL", "href": "https://www.tenable.com/plugins/nessus/24573", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:188. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24573);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-5072\");\n script_bugtraq_id(20340);\n script_xref(name:\"MDKSA\", value:\"2006:188\");\n\n script_name(english:\"Mandrake Linux Security Advisory : mono (MDKSA-2006:188)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastian Krahmer of the SUSE security team found that the\nSystem.CodeDom.Compiler classes in mono used temporary files in an\ninsecure way that could allow a symbolic link attack to overwrite\narbitrary files with the privileges of the user running a program that\nmade use of those classes.\n\nUpdated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jay\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mono0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mono0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmono-runtime\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libmono0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmono0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mono-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"jay-1.1.17.1-5.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64mono0-1.1.17.1-5.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", 
reference:\"lib64mono0-devel-1.1.17.1-5.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"libmono-runtime-1.1.17.1-5.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libmono0-1.1.17.1-5.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libmono0-devel-1.1.17.1-5.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"mono-1.1.17.1-5.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"mono-data-sqlite-1.1.17.1-5.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"mono-doc-1.1.17.1-5.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:09", "description": "The remote host is affected by the vulnerability described in GLSA-200611-23\n(Mono: Insecure temporary file creation)\n\n Sebastian Krahmer of the SuSE Security Team discovered that the\n System.CodeDom.Compiler classes of Mono create temporary files with\n insecure permissions.\n \nImpact :\n\n A local attacker could create links in the temporary file directory,\n pointing to a valid file somewhere on the filesystem. 
When an affected\n class is called, this could result in the file being overwritten with\n the rights of the user running the script.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2006-11-30T00:00:00", "title": "GLSA-200611-23 : Mono: Insecure temporary file creation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5072"], "modified": "2006-11-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mono"], "id": "GENTOO_GLSA-200611-23.NASL", "href": "https://www.tenable.com/plugins/nessus/23745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200611-23.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23745);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-5072\");\n script_bugtraq_id(20340);\n script_xref(name:\"GLSA\", value:\"200611-23\");\n\n script_name(english:\"GLSA-200611-23 : Mono: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200611-23\n(Mono: Insecure temporary file creation)\n\n Sebastian Krahmer of the SuSE Security Team discovered that the\n System.CodeDom.Compiler classes of Mono create temporary files with\n insecure 
permissions.\n \nImpact :\n\n A local attacker could create links in the temporary file directory,\n pointing to a valid file somewhere on the filesystem. When an affected\n class is called, this could result in the file being overwritten with\n the rights of the user running the script.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200611-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Mono users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/mono-1.1.13.8.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/mono\", unaffected:make_list(\"ge 1.1.13.8.1\"), vulnerable:make_list(\"lt 1.1.13.8.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mono\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:33:16", "description": "Sebastian Krahmer of the SuSE security team discovered that the\nSystem.CodeDom.Compiler classes used temporary files in an insecure\nway. This could allow a symbolic link attack to create or overwrite\narbitrary files with the privileges of the user invoking the program.\nUnder some circumstances, a local attacker could also exploit this to\ninject arbitrary code into running Mono processes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 / 6.06 LTS : mono vulnerability (USN-357-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5072"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mono-utils", "p-cpe:/a:canonical:ubuntu_linux:mono-common", "p-cpe:/a:canonical:ubuntu_linux:mono-classlib-1.0", "p-cpe:/a:canonical:ubuntu_linux:mono-classlib-1.0-dbg", "p-cpe:/a:canonical:ubuntu_linux:mono-gac", "p-cpe:/a:canonical:ubuntu_linux:mono-mcs", "p-cpe:/a:canonical:ubuntu_linux:mono-gmcs", "p-cpe:/a:canonical:ubuntu_linux:libmono0", "p-cpe:/a:canonical:ubuntu_linux:mono-devel", "p-cpe:/a:canonical:ubuntu_linux:mono-jay", "p-cpe:/a:canonical:ubuntu_linux:mono-classlib-2.0", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:mono-assemblies-base", "p-cpe:/a:canonical:ubuntu_linux:mono-jit", "p-cpe:/a:canonical:ubuntu_linux:mono-classlib-2.0-dbg", "p-cpe:/a:canonical:ubuntu_linux:mono", "p-cpe:/a:canonical:ubuntu_linux:libmono-dev", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-357-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-357-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27937);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-5072\");\n script_xref(name:\"USN\", value:\"357-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS : mono vulnerability (USN-357-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastian Krahmer of the SuSE security team discovered that the\nSystem.CodeDom.Compiler classes used temporary files in an insecure\nway. This could allow a symbolic link attack to create or overwrite\narbitrary files with the privileges of the user invoking the program.\nUnder some circumstances, a local attacker could also exploit this to\ninject arbitrary code into running Mono processes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/357-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-assemblies-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-classlib-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-classlib-1.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-classlib-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-classlib-2.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-gac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-gmcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-jay\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-jit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mono-mcs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:mono-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmono-dev\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmono0\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-assemblies-base\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-classlib-1.0\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-classlib-1.0-dbg\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-classlib-2.0\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-classlib-2.0-dbg\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-common\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-devel\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-gac\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-gmcs\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-jay\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-jit\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-mcs\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mono-utils\", pkgver:\"1.1.8.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libmono-dev\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif 
(ubuntu_check(osver:\"6.06\", pkgname:\"libmono0\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-assemblies-base\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-classlib-1.0\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-classlib-1.0-dbg\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-classlib-2.0\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-classlib-2.0-dbg\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-common\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-devel\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-gac\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-gmcs\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-jay\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-jit\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-mcs\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mono-utils\", pkgver:\"1.1.13.6-0ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmono-dev / libmono0 / mono / mono-assemblies-base / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:56:01", "bulletinFamily": "scanner", 
"cvelist": ["CVE-2006-6104"], "description": "Check for the Version of mono", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861467", "href": "http://plugins.openvas.org/nasl.php?oid=861467", "type": "openvas", "title": "Fedora Update for mono FEDORA-2007-067", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono FEDORA-2007-067\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono on Fedora Core 6\";\ntag_insight = \"The Mono runtime implements a JIT engine for the ECMA CLI\n virtual machine (as well as a byte code interpreter, the\n class loader, the garbage collector, threading system and\n metadata access libraries.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00068.html\");\n script_id(861467);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-067\");\n script_cve_id(\"CVE-2006-6104\");\n script_name( \"Fedora Update for mono FEDORA-2007-067\");\n\n script_summary(\"Check for the Version of mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono\", rpm:\"mono~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-jscript\", rpm:\"x86_64/mono-jscript~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-sybase\", rpm:\"x86_64/mono-data-sybase~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-sqlite\", rpm:\"x86_64/mono-data-sqlite~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-core\", rpm:\"x86_64/mono-core~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-web\", rpm:\"x86_64/mono-web~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-extras\", rpm:\"x86_64/mono-extras~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/bytefx-data-mysql\", rpm:\"x86_64/bytefx-data-mysql~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-nunit-devel\", rpm:\"x86_64/mono-nunit-devel~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-locale-extras\", rpm:\"x86_64/mono-locale-extras~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/ibm-data-db2\", 
rpm:\"x86_64/ibm-data-db2~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-winforms\", rpm:\"x86_64/mono-winforms~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-oracle\", rpm:\"x86_64/mono-data-oracle~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-firebird\", rpm:\"x86_64/mono-data-firebird~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-nunit\", rpm:\"x86_64/mono-nunit~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data-postgresql\", rpm:\"x86_64/mono-data-postgresql~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-data\", rpm:\"x86_64/mono-data~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/mono-debuginfo\", rpm:\"x86_64/debug/mono-debuginfo~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mono-devel\", rpm:\"x86_64/mono-devel~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-sqlite\", rpm:\"i386/mono-data-sqlite~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-nunit\", rpm:\"i386/mono-nunit~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data\", rpm:\"i386/mono-data~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-jscript\", rpm:\"i386/mono-jscript~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-oracle\", rpm:\"i386/mono-data-oracle~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-core\", rpm:\"i386/mono-core~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/mono-debuginfo\", rpm:\"i386/debug/mono-debuginfo~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-winforms\", rpm:\"i386/mono-winforms~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-nunit-devel\", rpm:\"i386/mono-nunit-devel~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-devel\", rpm:\"i386/mono-devel~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-postgresql\", rpm:\"i386/mono-data-postgresql~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bytefx-data-mysql\", rpm:\"i386/bytefx-data-mysql~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-sybase\", rpm:\"i386/mono-data-sybase~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-web\", rpm:\"i386/mono-web~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-data-firebird\", rpm:\"i386/mono-data-firebird~1.1.17.1~4.fc6\", 
rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/ibm-data-db2\", rpm:\"i386/ibm-data-db2~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-extras\", rpm:\"i386/mono-extras~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mono-locale-extras\", rpm:\"i386/mono-locale-extras~1.1.17.1~4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-12T11:20:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6104"], "description": "Check for the Version of mono-web", "modified": "2017-12-08T00:00:00", "published": "2009-01-28T00:00:00", "id": "OPENVAS:850112", "href": "http://plugins.openvas.org/nasl.php?oid=850112", "type": "openvas", "title": "SuSE Update for mono-web SUSE-SA:2007:002", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_002.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for mono-web SUSE-SA:2007:002\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A security problem was found and fixed in the Mono / C# web server\n implementation.\n\n By appending spaces to URLs attackers could download the source code\n of ASP.net scripts that would normally get executed by the web server.\n\n This issue is tracked by the Mitre CVE ID CVE-2006-6104 and only\n affects SUSE Linux 10.1, openSUSE 10.2 and SUSE Linux Enterprise 10.\n\n Older products are not affected.\n\n The updated packages for this problem were released on December 29th 2006.\";\n\ntag_impact = \"remote source code disclosure\";\ntag_affected = \"mono-web on openSUSE 10.2, SUSE LINUX 10.1, SUSE SLED 10, SUSE SLES 10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850112);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"SUSE-SA\", value: \"2007-002\");\n script_cve_id(\"CVE-2006-6104\");\n script_name( \"SuSE Update for mono-web SUSE-SA:2007:002\");\n\n script_summary(\"Check for the Version of mono-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n 
script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED10\")\n{\n\n if ((res = isrpmvuln(pkg:\"bytefx-data-mysql\", rpm:\"bytefx-data-mysql~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-basic\", rpm:\"mono-basic~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-core\", rpm:\"mono-core~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-core-32bit\", rpm:\"mono-core-32bit~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data\", rpm:\"mono-data~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-firebird\", rpm:\"mono-data-firebird~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-oracle\", rpm:\"mono-data-oracle~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-postgresql\", rpm:\"mono-data-postgresql~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-sqlite\", rpm:\"mono-data-sqlite~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"mono-data-sybase\", rpm:\"mono-data-sybase~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-devel\", rpm:\"mono-devel~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-extras\", rpm:\"mono-extras~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-jscript\", rpm:\"mono-jscript~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-locale-extras\", rpm:\"mono-locale-extras~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-nunit\", rpm:\"mono-nunit~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-web\", rpm:\"mono-web~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-winforms\", rpm:\"mono-winforms~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibm-data-db2\", rpm:\"ibm-data-db2~1.1.13.8~2.15\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"bytefx-data-mysql\", rpm:\"bytefx-data-mysql~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibm-data-db2\", rpm:\"ibm-data-db2~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-core\", rpm:\"mono-core~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data\", rpm:\"mono-data~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-firebird\", rpm:\"mono-data-firebird~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-oracle\", rpm:\"mono-data-oracle~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-postgresql\", rpm:\"mono-data-postgresql~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-sqlite\", rpm:\"mono-data-sqlite~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-sybase\", rpm:\"mono-data-sybase~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-devel\", rpm:\"mono-devel~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-extras\", rpm:\"mono-extras~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-jscript\", rpm:\"mono-jscript~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-locale-extras\", rpm:\"mono-locale-extras~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-nunit\", rpm:\"mono-nunit~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-web\", rpm:\"mono-web~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-winforms\", rpm:\"mono-winforms~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-core-32bit\", rpm:\"mono-core-32bit~1.1.18.1~12.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES10\")\n{\n\n if ((res = isrpmvuln(pkg:\"bytefx-data-mysql\", rpm:\"bytefx-data-mysql~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-basic\", rpm:\"mono-basic~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-core\", rpm:\"mono-core~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-core-32bit\", rpm:\"mono-core-32bit~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data\", rpm:\"mono-data~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-firebird\", rpm:\"mono-data-firebird~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-oracle\", rpm:\"mono-data-oracle~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-postgresql\", rpm:\"mono-data-postgresql~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-sqlite\", rpm:\"mono-data-sqlite~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-sybase\", 
rpm:\"mono-data-sybase~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-devel\", rpm:\"mono-devel~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-extras\", rpm:\"mono-extras~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-jscript\", rpm:\"mono-jscript~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-locale-extras\", rpm:\"mono-locale-extras~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-nunit\", rpm:\"mono-nunit~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-web\", rpm:\"mono-web~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-winforms\", rpm:\"mono-winforms~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibm-data-db2\", rpm:\"ibm-data-db2~1.1.13.8~2.15\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"bytefx-data-mysql\", rpm:\"bytefx-data-mysql~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibm-data-db2\", rpm:\"ibm-data-db2~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-basic\", rpm:\"mono-basic~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-core\", 
rpm:\"mono-core~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data\", rpm:\"mono-data~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-firebird\", rpm:\"mono-data-firebird~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-oracle\", rpm:\"mono-data-oracle~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-postgresql\", rpm:\"mono-data-postgresql~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-sqlite\", rpm:\"mono-data-sqlite~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-data-sybase\", rpm:\"mono-data-sybase~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-devel\", rpm:\"mono-devel~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-extras\", rpm:\"mono-extras~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-jscript\", rpm:\"mono-jscript~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-locale-extras\", rpm:\"mono-locale-extras~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-nunit\", rpm:\"mono-nunit~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-web\", rpm:\"mono-web~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mono-winforms\", rpm:\"mono-winforms~1.1.13.8~2.15\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6104"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200701-12.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57972", "href": "http://plugins.openvas.org/nasl.php?oid=57972", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200701-12 (mono)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mono does not properly sanitize pathnames allowing unauthorized information\ndisclosure.\";\ntag_solution = \"All Mono users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/mono-1.2.2.1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200701-12\nhttp://bugs.gentoo.org/show_bug.cgi?id=159886\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200701-12.\";\n\n \n\nif(description)\n{\n script_id(57972);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-6104\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200701-12 (mono)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/mono\", unaffected: make_list(\"ge 1.2.2.1\"), vulnerable: make_list(\"lt 1.2.2.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5072"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-22T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:57461", "href": "http://plugins.openvas.org/nasl.php?oid=57461", "type": "openvas", "title": "FreeBSD Ports: mono", "sourceData": "#\n#VID 5a39a22e-5478-11db-8f1a-000a48049292\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mono\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.ubuntu.com/usn/usn-357-1\nhttp://secunia.com/advisories/22237/\nhttp://www.vuxml.org/freebsd/5a39a22e-5478-11db-8f1a-000a48049292.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57461);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-5072\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: mono\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mono\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.13.8.1\")<0) {\n txt += 'Package mono version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5072"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200611-23.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57936", "href": "http://plugins.openvas.org/nasl.php?oid=57936", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200611-23 (mono)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mono is vulnerable to linking attacks, potentially allowing a local user to\noverwrite arbitrary files.\";\ntag_solution = \"All Mono users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/mono-1.1.13.8.1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200611-23\nhttp://bugs.gentoo.org/show_bug.cgi?id=150264\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200611-23.\";\n\n \n\nif(description)\n{\n script_id(57936);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-5072\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200611-23 (mono)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/mono\", unaffected: make_list(\"ge 1.1.13.8.1\"), vulnerable: make_list(\"lt 1.1.13.8.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T10:00:28", "description": "Mono XSP 1.x/2.0 Source Code Information Disclosure Vulnerability. CVE-2006-6104. Remote exploit for linux platform", "published": "2006-12-20T00:00:00", "type": "exploitdb", "title": "Mono XSP 1.x/2.0 Source Code Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6104"], "modified": "2006-12-20T00:00:00", "id": "EDB-ID:29302", "href": "https://www.exploit-db.com/exploits/29302/", "sourceData": "source: http://www.securityfocus.com/bid/21687/info\r\n\r\nXSP is prone to a source code information-disclosure vulnerability because it fails to properly sanitize user-supplied input. \r\n\r\nAn attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. 
Information obtained may aid in further attacks.\r\n\r\nhttp://www.example.com/app/Default.aspx%20", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/29302/"}], "suse": [{"lastseen": "2016-09-04T12:38:49", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6104"], "description": "A security problem was found and fixed in the Mono / C# web server implementation.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2007-01-04T18:49:55", "published": "2007-01-04T18:49:55", "id": "SUSE-SA:2007:002", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-01/msg00017.html", "title": "remote source code disclosure in mono-web", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-04T11:50:21", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4800", "CVE-2006-6297", "CVE-2006-5072", "CVE-2006-5973", "CVE-2006-4799"], "description": "Sebastian Krahmer of SUSE Security found that the Mono System.Xml.Serialization class contained a /tmp race which potentially allows local attackers to execute code as the user using the Serialization method.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-12-01T17:34:31", "published": "2006-12-01T17:34:31", "id": "SUSE-SA:2006:073", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-12/msg00010.html", "type": "suse", "title": "local privilege escalation in mono-core", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6104"], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory 
ID:23435](https://secuniaresearch.flexerasoftware.com/advisories/23435/)\n[Secunia Advisory ID:23727](https://secuniaresearch.flexerasoftware.com/advisories/23727/)\n[Secunia Advisory ID:23776](https://secuniaresearch.flexerasoftware.com/advisories/23776/)\n[Secunia Advisory ID:23779](https://secuniaresearch.flexerasoftware.com/advisories/23779/)\n[Secunia Advisory ID:23432](https://secuniaresearch.flexerasoftware.com/advisories/23432/)\n[Secunia Advisory ID:23462](https://secuniaresearch.flexerasoftware.com/advisories/23462/)\n[Secunia Advisory ID:23597](https://secuniaresearch.flexerasoftware.com/advisories/23597/)\n[Related OSVDB ID: 32391](https://vulners.com/osvdb/OSVDB:32391)\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-397-1\nOther Advisory URL: http://fedoranews.org/cms/node/2401\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200701-12.xml\nOther Advisory URL: http://eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html\nOther Advisory URL: http://fedoranews.org/cms/node/2400\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:234\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0327.html\n[CVE-2006-6104](https://vulners.com/cve/CVE-2006-6104)\nBugtraq ID: 21687\n", "edition": 1, "modified": "2006-12-20T06:33:52", "published": "2006-12-20T06:33:52", "href": "https://vulners.com/osvdb/OSVDB:32392", "id": "OSVDB:32392", "title": "Mono XSP for ASP.NET Server System.Web Class Web.Config Credential Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6104"], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:23435](https://secuniaresearch.flexerasoftware.com/advisories/23435/)\n[Secunia 
Advisory ID:23776](https://secuniaresearch.flexerasoftware.com/advisories/23776/)\n[Secunia Advisory ID:23727](https://secuniaresearch.flexerasoftware.com/advisories/23727/)\n[Secunia Advisory ID:23779](https://secuniaresearch.flexerasoftware.com/advisories/23779/)\n[Secunia Advisory ID:23432](https://secuniaresearch.flexerasoftware.com/advisories/23432/)\n[Secunia Advisory ID:23462](https://secuniaresearch.flexerasoftware.com/advisories/23462/)\n[Secunia Advisory ID:23597](https://secuniaresearch.flexerasoftware.com/advisories/23597/)\n[Related OSVDB ID: 32392](https://vulners.com/osvdb/OSVDB:32392)\nOther Advisory URL: http://www.ubuntu.com/usn/usn-397-1\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html\nOther Advisory URL: http://fedoranews.org/cms/node/2401\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200701-12.xml\nOther Advisory URL: http://eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:234\nOther Advisory URL: http://fedoranews.org/cms/node/2400\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0327.html\n[CVE-2006-6104](https://vulners.com/cve/CVE-2006-6104)\nBugtraq ID: 21687\n", "edition": 1, "modified": "2006-12-20T06:33:52", "published": "2006-12-20T06:33:52", "href": "https://vulners.com/osvdb/OSVDB:32391", "id": "OSVDB:32391", "title": "Mono XSP for ASP.NET Server System.Web Class Source Code Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-5072"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Dec/0001.html)\n[Vendor Specific Advisory 
URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:188)\n[Secunia Advisory ID:22614](https://secuniaresearch.flexerasoftware.com/advisories/22614/)\n[Secunia Advisory ID:23154](https://secuniaresearch.flexerasoftware.com/advisories/23154/)\n[Secunia Advisory ID:22277](https://secuniaresearch.flexerasoftware.com/advisories/22277/)\n[Secunia Advisory ID:23213](https://secuniaresearch.flexerasoftware.com/advisories/23213/)\n[Secunia Advisory ID:23776](https://secuniaresearch.flexerasoftware.com/advisories/23776/)\n[Secunia Advisory ID:22237](https://secuniaresearch.flexerasoftware.com/advisories/22237/)\nOther Advisory URL: http://fedoranews.org/cms/node/2401\nOther Advisory URL: http://www.ubuntu.com/usn/usn-357-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200611-23.xml\nISS X-Force ID: 29353\nFrSIRT Advisory: ADV-2006-3911\n[CVE-2006-5072](https://vulners.com/cve/CVE-2006-5072)\nBugtraq ID: 20340\n", "modified": "2006-10-04T04:34:34", "published": "2006-10-04T04:34:34", "href": "https://vulners.com/osvdb/OSVDB:29504", "id": "OSVDB:29504", "title": "Novell Mono System.CodeDom.Compiler Symlink Arbitrary File Overwrite", "type": "osvdb", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:27", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6104"], "edition": 1, "description": "### Background\n\nMono provides the necessary software to develop and run .NET client and server applications on various platforms. \n\n### Description\n\nJose Ramon Palanco has discovered that the System.Web class in the XSP for the ASP.NET server 1.1 through 2.0 in Mono does not properly validate or sanitize local pathnames which could allow server-side file content disclosure. \n\n### Impact\n\nAn attacker could append a space character to a URI and obtain unauthorized access to the source code of server-side files. 
An attacker could also read credentials by requesting Web.Config%20 from a Mono server. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Mono users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/mono-1.2.2.1\"", "modified": "2007-01-17T00:00:00", "published": "2007-01-16T00:00:00", "id": "GLSA-200701-12", "href": "https://security.gentoo.org/glsa/200701-12", "type": "gentoo", "title": "Mono: Information disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-06T19:46:40", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5072"], "edition": 1, "description": "### Background\n\nMono provides the necessary software to develop and run .NET client and server applications. \n\n### Description\n\nSebastian Krahmer of the SuSE Security Team discovered that the System.CodeDom.Compiler classes of Mono create temporary files with insecure permissions. \n\n### Impact\n\nA local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected class is called, this could result in the file being overwritten with the rights of the user running the script. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Mono users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/mono-1.1.13.8.1\"", "modified": "2006-11-28T00:00:00", "published": "2006-11-28T00:00:00", "id": "GLSA-200611-23", "href": "https://security.gentoo.org/glsa/200611-23", "type": "gentoo", "title": "Mono: Insecure temporary file creation", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:24:29", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6104"], "description": "Jose Ramon Palanco discovered that the mono System.Web class did not \nconsistently verify local file paths. As a result, the source code for \nmono web applications could be retrieved remotely, possibly leading to \nfurther compromise via the application's source.", "edition": 6, "modified": "2006-12-20T00:00:00", "published": "2006-12-20T00:00:00", "id": "USN-397-1", "href": "https://ubuntu.com/security/notices/USN-397-1", "title": "mono vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-09T00:34:07", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5072"], "description": "Sebastian Krahmer of the SuSE security team discovered that the \nSystem.CodeDom.Compiler classes used temporary files in an insecure \nway. This could allow a symbolic link attack to create or overwrite \narbitrary files with the privileges of the user invoking the program. 
\nUnder some circumstances, a local attacker could also exploit this to \ninject arbitrary code into running Mono processes.", "edition": 6, "modified": "2006-10-05T00:00:00", "published": "2006-10-05T00:00:00", "id": "USN-357-1", "href": "https://ubuntu.com/security/notices/USN-357-1", "title": "Mono vulnerability", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:40", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5072"], "description": "\nSebastian Krahmer reports:\n\nSebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.\n\n", "edition": 4, "modified": "2006-10-04T00:00:00", "published": "2006-10-04T00:00:00", "id": "5A39A22E-5478-11DB-8F1A-000A48049292", "href": "https://vuxml.freebsd.org/freebsd/5a39a22e-5478-11db-8f1a-000a48049292.html", "title": "mono -- \"System.CodeDom.Compiler\" Insecure Temporary Creation", "type": "freebsd", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}]}