CVE-2010-4254
Published: 6 December 2010
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Notes
Author | Note |
---|---|
mdeslaur |
upstream note: The bug (and fix) is in mono source code but can only be exploited (by untrusted applications) when used by Moonlight. Setting severity to negligile. |
Priority
Status
Package | Release | Status |
---|---|---|
mono
Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Not vulnerable
(2.6.7-5ubuntu2)
|
|
oneiric |
Not vulnerable
(2.6.7-5ubuntu2)
|
|
precise |
Not vulnerable
(2.6.7-5ubuntu2)
|
|
quantal |
Not vulnerable
(2.6.7-5ubuntu2)
|
|
raring |
Not vulnerable
(2.6.7-5ubuntu2)
|
|
upstream |
Released
(2.6.7-5)
|
|
Patches:
upstream: https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399 upstream: https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358 upstream: https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac |