exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2007-5197

Status Candidate

Overview

Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.

Related Files

Mandriva Linux Security Advisory 2009-322
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-322 - IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers. Multiple cross-site scripting (XSS) vulnerabilities were discovered in the ASP.net class libraries in Mono 2.0 and earlier. CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to fix these issues.

tags | advisory, remote, web, overflow, arbitrary, vulnerability, code execution, xss, asp
systems | linux, mandriva
advisories | CVE-2007-5197, CVE-2008-3422, CVE-2008-3906, CVE-2009-0217
SHA-256 | ac595de6900cd8c12028c1914747f7f1fc67ec1d0d49ad77f576b6b17b0f2203
Ubuntu Security Notice 553-1
Posted Dec 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 553-1 - It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-5197
SHA-256 | a5ca1e30ea861e4166a60a266a86b1e6214e7fd247ffec66450a64a54d59bf70
Mandriva Linux Security Advisory 2007.218
Posted Nov 15, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2007-5197
SHA-256 | 137236c8fb8c0709ef73e41a180638df2a6fb8a95bb7e1ca94853f7e1aef6a2d
Gentoo Linux Security Advisory 200711-10
Posted Nov 8, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-10 - IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow. Versions less than 1.2.5.1-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-5197
SHA-256 | 157dbf65fa9c48dcc11e6cbc81112b4f73b0aea507f3b06157c9ee8a6bb7b4a0
Debian Linux Security Advisory 1397-1
Posted Nov 5, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1397-1 - An integer overflow in the BigInteger data type implementation has been discovered in the free .NET runtime Mono.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2007-5197
SHA-256 | 1cdb7afd8bac5546613f19a9bee37755c6c52aba6fe90875ef46787e8394f350
Page 1 of 1
Back1Next

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    3 Files
  • 27
    Sep 27th
    13 Files
  • 28
    Sep 28th
    5 Files
  • 29
    Sep 29th
    12 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close