CVE-2007-5197

Related Files

Mandriva Linux Security Advisory 2009-322

Posted Dec 7, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-322 - IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers. Multiple cross-site scripting (XSS) vulnerabilities were discovered in the ASP.net class libraries in Mono 2.0 and earlier. CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to fix these issues.

tags | advisory, remote, web, overflow, arbitrary, vulnerability, code execution, xss, asp

systems | linux, mandriva

advisories | CVE-2007-5197, CVE-2008-3422, CVE-2008-3906, CVE-2009-0217

SHA-256 | ac595de6900cd8c12028c1914747f7f1fc67ec1d0d49ad77f576b6b17b0f2203

Download | Favorite | View

Ubuntu Security Notice 553-1

Posted Dec 6, 2007

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 553-1 - It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2007-5197

SHA-256 | a5ca1e30ea861e4166a60a266a86b1e6214e7fd247ffec66450a64a54d59bf70

Download | Favorite | View

Mandriva Linux Security Advisory 2007.218

Posted Nov 15, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers.

tags | advisory, overflow, arbitrary, code execution

systems | linux, mandriva

advisories | CVE-2007-5197

SHA-256 | 137236c8fb8c0709ef73e41a180638df2a6fb8a95bb7e1ca94853f7e1aef6a2d

Download | Favorite | View

Gentoo Linux Security Advisory 200711-10

Posted Nov 8, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-10 - IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow. Versions less than 1.2.5.1-r1 are affected.

tags | advisory, overflow

systems | linux, gentoo

advisories | CVE-2007-5197

SHA-256 | 157dbf65fa9c48dcc11e6cbc81112b4f73b0aea507f3b06157c9ee8a6bb7b4a0

Download | Favorite | View

Debian Linux Security Advisory 1397-1

Posted Nov 5, 2007

Authored by Debian | Site debian.org

Debian Security Advisory 1397-1 - An integer overflow in the BigInteger data type implementation has been discovered in the free .NET runtime Mono.

tags | advisory, overflow

systems | linux, debian

advisories | CVE-2007-5197

SHA-256 | 1cdb7afd8bac5546613f19a9bee37755c6c52aba6fe90875ef46787e8394f350

Download | Favorite | View