{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-12-07T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"}, {"name": "ADV-2010-3059", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3059"}, {"name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"}, {"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=128941802415318&w=2"}, {"name": "MDVSA-2010:240", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"}, {"name": "42174", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42174"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"}, {"name": "44810", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44810"}, {"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=128939912716499&w=2"}, {"name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=128939873515821&w=2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:34:37.455Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"}, {"name": "ADV-2010-3059", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3059"}, {"name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"}, {"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=128941802415318&w=2"}, {"name": "MDVSA-2010:240", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"}, {"name": "42174", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42174"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"}, {"name": "44810", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/44810"}, {"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=128939912716499&w=2"}, {"name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=128939873515821&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4159", "datePublished": "2010-11-17T15:00:00", "dateReserved": "2010-11-04T00:00:00", "dateUpdated": "2024-08-07T03:34:37.455Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C76ECD3-F1FA-4783-8E0A-919EA4042D73", "versionEndIncluding": "2.6.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B31A3175-7CC6-4367-9A3C-F3324156C818", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3309DF2-A3A7-4016-95D9-ABB4230083FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "098D040B-CD80-41A6-A3DF-06C379BCABA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "293D8EF8-8A6B-4EBE-B145-C909ADBE32E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBB77289-2AED-4BD4-9578-FEB0EC83701E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CA1D2C56-70EA-48F4-A3B3-1080DF8ABC5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7E03067-D1B7-427A-8800-A40DDAF466FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "23B3DD31-D316-422F-A3E4-9C7D85E0F26C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "42E75C91-A3D2-479B-9F3F-B97BC75A5B57", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "A4299404-6C79-4B21-BB8C-115FA1E3AC28", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "944E7E22-41CA-4E2D-B31A-E602B41C34A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D9F638AC-EBDC-4886-B798-42D12557573A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "FE6384D7-7899-4D7F-B478-BDEDDA415054", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D7DEAABB-265B-45B3-8A87-86EB5CCEAE5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E1B76E4-C12D-4BC6-8745-1AB5C5F32B53", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "919CAD10-2F17-4F94-8116-815E77F5E998", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "2F79FC32-28BB-44F7-AA6E-E15B24692483", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0546335-1EEF-4946-8B94-69F91697D511", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D24AC82-5BCE-4D9F-8DF1-24BE6C255553", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F1A85E81-0778-46B1-A932-C14B6DC08A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "82CA587E-7272-4C7C-90D3-D0CCBAA76348", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "30593717-0C0E-4F05-8690-4A47CA724C20", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "723D4817-BB5F-4D65-9258-B0E2992F2738", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "A986CA3E-05A4-4D42-86E4-A7AA3A20298B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "19877D33-5DBF-40D7-87CB-545558C64771", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "29CFCD33-C188-409F-B07A-1F1A064894DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "F64E7267-E010-4FC8-879A-448C85BC250B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "DC4D32E8-B90B-432D-B6A3-5F9DDEECC206", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "683F75A5-E4E4-4416-8E1C-A2C694A30BA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "2E7AE533-E1E8-494F-BE86-0BFDF30AD3B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "0BB26E71-AC67-4B9E-BDAE-835DA8C2C443", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C9252266-4293-49E3-9492-67F4AF80335B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "2D22A05F-650E-484D-9F78-8C821EA103E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "0034178B-13CC-43A0-BBBA-988EC558DA5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "5014D928-E0E3-4B75-B4B8-44D193446505", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "DE2C11F2-2A21-481E-8350-F3777A0A8033", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "EFC21FA7-648F-4E41-962B-664140FA4812", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "9788C5D4-ECD7-4F2E-BE0F-F4FFE626A3A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA4FE4B4-7514-460F-AD14-40184115092A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AA11C84-3102-429E-951A-698CE023FDB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6003FD8-B371-44AE-B565-6205F68117A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE1FD98F-ED5D-4247-BC79-1FABC1684557", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "87E41880-769F-499E-AFB3-62B78AB765F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F5558CC-9D71-472C-B9B5-20481A333AC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0895ECCA-B8B3-46BD-9ADE-258AAF205D90", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F3AB679-5630-4F0B-9DF7-D64AFA970D44", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC72C972-FF09-4A5D-9AD4-A422EDADF5AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "28E60798-6722-4B4F-B06E-7C1E1FDF92EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "66E14236-3F37-4047-A3EF-32E9923C35FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "18C24C8F-0967-4C1B-8F19-696707C2064B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D28CEA5-CA8A-4830-A134-1589AD98B334", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4BB536F-79EB-42AF-B17B-49BE47CFC215", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE2CA7F0-C5ED-450D-BAEE-300E27AAD13D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A08F0EFF-9F4D-4DD3-BD55-71F34B70648B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "A12EEE2B-E956-4889-9C55-F23968C17E7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E59557D-42A7-4189-97DD-45F31DC1AB6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA6DFB1E-1DBD-459C-95FE-841253F4F6A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E95734E0-1349-4C3C-9557-ADEEA1014C38", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFBAA1F5-522B-4357-B9E8-FC15053C75A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B25BDA5E-E1AB-4C9A-A53B-B8863F2A2A40", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "BD925F27-45C0-4319-A199-433289742952", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2E8C5613-87D1-415D-B918-3CF64C0C40F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "73F75B9D-3DC1-4994-AB23-D0435C222910", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory."}, {"lang": "es", "value": "Vulnerabilidad de b\u00fasqueda de ruta no confiable en metadata/loader.c en Mono v2.8, permite a usuarios locales obtener privilegios a trav\u00e9s de un troyano de la biblioteca compartida en el directorio de trabajo actual."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "id": "CVE-2010-4159", "lastModified": "2010-12-09T08:36:26.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-11-17T16:00:36.687", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=128939873515821&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=128939912716499&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=128941802415318&w=2"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42174"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"}, {"source": "secalert@redhat.com", "url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/44810"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/3059"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}