Mandriva Linux Security Advisory 2009-322 - IOActive Inc. found a buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers. Multiple cross-site scripting (XSS) vulnerabilities were discovered in the ASP.net class libraries in Mono 2.0 and earlier. A CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to fix these issues.
ac595de6900cd8c12028c1914747f7f1fc67ec1d0d49ad77f576b6b17b0f2203
Ubuntu Security Notice 553-1 - It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.
a5ca1e30ea861e4166a60a266a86b1e6214e7fd247ffec66450a64a54d59bf70
Mandriva Linux Security Advisory - IOActive Inc. found a buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers.
137236c8fb8c0709ef73e41a180638df2a6fb8a95bb7e1ca94853f7e1aef6a2d
Gentoo Linux Security Advisory GLSA 200711-10 - IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow. Versions less than 1.2.5.1-r1 are affected.
157dbf65fa9c48dcc11e6cbc81112b4f73b0aea507f3b06157c9ee8a6bb7b4a0
Debian Security Advisory 1397-1 - An integer overflow in the BigInteger data type implementation has been discovered in the free .NET runtime Mono.
1cdb7afd8bac5546613f19a9bee37755c6c52aba6fe90875ef46787e8394f350