Mono System.Math BigInteger Buffer Overflow Vulnerability
BID:26279
Info
Mono System.Math BigInteger Buffer Overflow Vulnerability
| Bugtraq ID: | 26279 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5197 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 31 2007 12:00AM |
| Updated: | Mar 19 2015 09:06AM |
| Credit: | This issue was disclosed in the referenced SUSE advisory. |
| Vulnerable: |
Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE SUSE Linux Enterprise SDK 10 SuSE SUSE Linux Enterprise Desktop 10 SP1 SuSE SUSE Linux Enterprise Desktop 10 SuSE openSUSE 10.3 SuSE Linux Professional 10.2 x86_64 SuSE Linux Personal 10.2 x86_64 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc Red Hat Fedora Core7 Mono Mono 2.0 Mono Mono 1.2.5 2 Mono Mono 1.2.5 1 Mono Mono 1.1.18 Mono Mono 1.1.17 Mono Mono 1.1.13 Mono Mono 1.1.4 Mono Mono 1.0.5 Mono Mono 1.0 Mono Mono 1.1.8.3 Mono Mono 1.1.17.1 Mono Mono 1.1.13.7 Mono Mono 1.1.13.6 Mono Mono 1.1.13.4 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha |
| Not Vulnerable: | |
Discussion
Mono System.Math BigInteger Buffer Overflow Vulnerability
Mono is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.
Mono is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.
Exploit / POC
Mono System.Math BigInteger Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Mono System.Math BigInteger Buffer Overflow Vulnerability
Solution:
Updates are available. Please see the references for more information.
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Solution:
Updates are available. Please see the references for more information.
Mandriva Linux Mandrake 2008.0 x86_64
-
Mandriva jay-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva lib64mono-devel-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva lib64mono0-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-bytefx-data-mysql-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-firebird-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-oracle-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-postgresql-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-sqlite-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-sybase-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-doc-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-extras-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-ibm-data-db2-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-jscript-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-locale-extras-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-nunit-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-web-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-winforms-1.2.5-2.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0
-
Mandriva jay-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva libmono-devel-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva libmono0-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-bytefx-data-mysql-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-firebird-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-oracle-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-postgresql-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-sqlite-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-data-sybase-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-doc-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-extras-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-ibm-data-db2-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-jscript-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-locale-extras-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-nunit-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-web-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva mono-winforms-1.2.5-2.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
References
Mono System.Math BigInteger Buffer Overflow Vulnerability
References:
References:
- Mono Home Page (Mono)
- [SECURITY] [DSA 1397-1] New mono packages fix integer overflow] (Moritz Muehlenhoff
)