Описание
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-4254
- https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
- https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
- https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac
- https://bugzilla.novell.com/show_bug.cgi?id=654136
- https://bugzilla.novell.com/show_bug.cgi?id=655847
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
- http://secunia.com/advisories/42373
- http://secunia.com/advisories/42877
- http://www.exploit-db.com/exploits/15974
- http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability
- http://www.securityfocus.com/bid/45051
- http://www.vupen.com/english/advisories/2011/0076
Связанные уязвимости
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used ...