J-Security Center

Title: Mono System.Math BigInteger Buffer Overflow Vulnerability

Severity: HIGH

Description:

Mono is a multiplatform open-source implementation of the Microsoft .NET architecture.

Mono is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

The issue occurs in the 'BigInteger' implementation of Mono.Math. Very few technical details are currently available regarding this issue. We will update this BID as more information emerges.

To exploit this issue, an attacker needs to locate a vulnerable application developed using Mono. The application must also use attacker-supplied data in a manner suitable to exploit this issue.

Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

Affected Products:

  • Debian Linux 4.0 alpha
  • Debian Linux 4.0 amd64
  • Debian Linux 4.0 arm
  • Debian Linux 4.0 hppa
  • Debian Linux 4.0 ia-32
  • Debian Linux 4.0 ia-64
  • Debian Linux 4.0 m68k
  • Debian Linux 4.0 mips
  • Debian Linux 4.0 mipsel
  • Debian Linux 4.0 powerpc
  • Debian Linux 4.0 s/390
  • Debian Linux 4.0 sparc
  • Gentoo Linux
  • Linux kernel 2.4.19
  • Linux kernel 2.4.21
  • Linux kernel 2.6.5
  • MandrakeSoft Linux Mandrake 2007.0
  • MandrakeSoft Linux Mandrake 2007.0 x86_64
  • MandrakeSoft Linux Mandrake 2007.1
  • MandrakeSoft Linux Mandrake 2007.1 x86_64
  • MandrakeSoft Linux Mandrake 2008.0
  • MandrakeSoft Linux Mandrake 2008.0 x86_64
  • Mono Mono 1.0.0
  • Mono Mono 1.0.5
  • Mono Mono 1.1.13
  • Mono Mono 1.1.13.4
  • Mono Mono 1.1.13.6
  • Mono Mono 1.1.13.7
  • Mono Mono 1.1.17
  • Mono Mono 1.1.17.1
  • Mono Mono 1.1.18
  • Mono Mono 1.1.4
  • Mono Mono 1.1.8.3
  • Mono Mono 1.2.5 1
  • Mono Mono 1.2.5 2
  • Mono Mono 2.0.0
  • RedHat Fedora Core7
  • S.u.S.E. Linux 10.0 ppc
  • S.u.S.E. Linux 10.0 x86
  • S.u.S.E. Linux 10.0 x86-64
  • S.u.S.E. Linux 10.1 ppc
  • S.u.S.E. Linux 10.1 x86
  • S.u.S.E. Linux 10.1 x86-64
  • S.u.S.E. Linux Desktop 10
  • S.u.S.E. Linux Enterprise SDK 10
  • S.u.S.E. Linux Enterprise Server 10
  • S.u.S.E. Linux Enterprise Server 10.SP1
  • S.u.S.E. Linux Enterprise Server 8
  • S.u.S.E. Linux Enterprise Server 9
  • S.u.S.E. Linux Personal 10.0.0 OSS
  • S.u.S.E. Linux Personal 10.1
  • S.u.S.E. Linux Personal 10.2
  • S.u.S.E. Linux Personal 10.2 x86_64
  • S.u.S.E. Linux Professional 10.0.0
  • S.u.S.E. Linux Professional 10.0.0 OSS
  • S.u.S.E. Linux Professional 10.1
  • S.u.S.E. Linux Professional 10.2
  • S.u.S.E. Linux Professional 10.2 x86_64
  • S.u.S.E. Novell Linux Desktop 9
  • S.u.S.E. Novell Linux POS 9
  • S.u.S.E. Open-Enterprise-Server
  • S.u.S.E. SLE SDK 10
  • S.u.S.E. SLE SDK 10.SP1
  • S.u.S.E. SUSE LINUX Retail Solution 8.0.0
  • S.u.S.E. SUSE Linux Enterprise Desktop 10
  • S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
  • S.u.S.E. SUSE Linux Enterprise Server 10
  • S.u.S.E. SUSE Linux Enterprise Server 10 SP1
  • S.u.S.E. SuSE Linux Openexchange Server 4.0.0
  • S.u.S.E. SuSE Linux School Server for i386
  • S.u.S.E. SuSE Linux Standard Server 8.0.0
  • S.u.S.E. UnitedLinux 1.0.0
  • S.u.S.E. openSUSE 10.2
  • S.u.S.E. openSUSE 10.3
  • Ubuntu Ubuntu Linux 6.06 LTS amd64
  • Ubuntu Ubuntu Linux 6.06 LTS i386
  • Ubuntu Ubuntu Linux 6.06 LTS powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS sparc
  • Ubuntu Ubuntu Linux 6.10 amd64
  • Ubuntu Ubuntu Linux 6.10 i386
  • Ubuntu Ubuntu Linux 6.10 powerpc
  • Ubuntu Ubuntu Linux 6.10 sparc
  • Ubuntu Ubuntu Linux 7.04 amd64
  • Ubuntu Ubuntu Linux 7.04 i386
  • Ubuntu Ubuntu Linux 7.04 powerpc
  • Ubuntu Ubuntu Linux 7.04 sparc
  • Ubuntu Ubuntu Linux 7.10 amd64
  • Ubuntu Ubuntu Linux 7.10 i386
  • Ubuntu Ubuntu Linux 7.10 powerpc
  • Ubuntu Ubuntu Linux 7.10 sparc

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.