oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: mono loading shared libs from cwd

From: Josh Bressers <bressers () redhat com>
Date: Wed, 10 Nov 2010 14:40:00 -0500 (EST)
Please use CVE-2010-4159

Thanks.

-- 
    JB


----- "Thomas Biege" <thomas () suse de> wrote:


missed to add:
http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html

Am Mittwoch 10 November 2010 15:18:26 schrieb Thomas Biege:

Hello folks,

from our bugzilla.

"
http://www.mono-project.com/DllNotFoundException explains that the

mono

runtime
searches the current working directory for DLLs.  This opens a

serious

security
hole.  Malicious code can be given the same name as a DLL and left

in a

directory the user might visit.  Also, it means that no mono

application

 can safely set the current working directory.

Microsoft themselves addressed this issue in Windows
http://msdn.microsoft.com/en-us/library/ms682586(v=VS.85).aspx

It's a well known "dummies" question for Unix why you must not have

"." on

your
path


http://www.unix.com/unix-dummies-questions-answers/22806-why-bad-idea-inser

t- dot-path.html

Mono is exposing users to these same old hat problems.

(As a related problem, many mono programs seem to *assume* that they

will

 be run with the CWD set to their installed directory, and break if

it

 isn't.) "

Filed by Richard Brooksby.



-- 
 Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support &
Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
  Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
                            -- Marie von Ebner-Eschenbach
Previous By Date Next
Previous By Thread Next

Current thread: