FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mono -- "System.CodeDom.Compiler" Insecure Temporary Creation

Affected packages
mono <


VuXML ID 5a39a22e-5478-11db-8f1a-000a48049292
Discovery 2006-10-04
Entry 2006-10-05

Sebastian Krahmer reports:

Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.


CVE Name CVE-2006-5072