Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

mono vulnerabilities

Related Vulnerabilities: CVE-2009-0217   CVE-2008-3422   CVE-2008-3906  

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217)

It was discovered that Mono did not properly escape certain attributes in the ASP.net class libraries which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-3422)

Source

26 August 2009

mono vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04 LTS

Software Description

  • mono

Details

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217)

It was discovered that Mono did not properly escape certain attributes in the ASP.net class libraries which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-3422)

It was discovered that Mono did not properly filter CRLF injections in the query string. If a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, steal confidential data (such as passwords), or perform cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-3906)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.04
libmono-security1.0-cil - 2.0.1-4ubuntu0.1
libmono-security2.0-cil - 2.0.1-4ubuntu0.1
libmono-system-web1.0-cil - 2.0.1-4ubuntu0.1
libmono-system-web2.0-cil - 2.0.1-4ubuntu0.1
Ubuntu 8.10
libmono-security1.0-cil - 1.9.1+dfsg-4ubuntu2.1
libmono-security2.0-cil - 1.9.1+dfsg-4ubuntu2.1
libmono-system-web1.0-cil - 1.9.1+dfsg-4ubuntu2.1
libmono-system-web2.0-cil - 1.9.1+dfsg-4ubuntu2.1
Ubuntu 8.04 LTS
libmono-security1.0-cil - 1.2.6+dfsg-6ubuntu3.1
libmono-security2.0-cil - 1.2.6+dfsg-6ubuntu3.1
libmono-system-web1.0-cil - 1.2.6+dfsg-6ubuntu3.1
libmono-system-web2.0-cil - 1.2.6+dfsg-6ubuntu3.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started