CVE-2010-4159

{"id": "CVE-2010-4159", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-11-17T16:00:36.687", "references": [{"url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=oss-security&m=128939873515821&w=2", "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=oss-security&m=128939912716499&w=2", "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=oss-security&m=128941802415318&w=2", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/42174", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240", "source": "secalert@redhat.com"}, {"url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/44810", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/3059", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.novell.com/show_bug.cgi?id=641915", "source": "secalert@redhat.com"}, {"url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625", "tags": ["Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory."}, {"lang": "es", "value": "Vulnerabilidad de b\u00fasqueda de ruta no confiable en metadata/loader.c en Mono v2.8, permite a usuarios locales obtener privilegios a trav\u00e9s de un troyano de la biblioteca compartida en el directorio de trabajo actual."}], "lastModified": "2010-12-09T08:36:26.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C76ECD3-F1FA-4783-8E0A-919EA4042D73", "versionEndIncluding": "2.6.7"}, {"criteria": "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B31A3175-7CC6-4367-9A3C-F3324156C818"}, {"criteria": "cpe:2.3:a:mono:mono:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3309DF2-A3A7-4016-95D9-ABB4230083FD"}, {"criteria": "cpe:2.3:a:mono:mono:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "098D040B-CD80-41A6-A3DF-06C379BCABA6"}, {"criteria": "cpe:2.3:a:mono:mono:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "293D8EF8-8A6B-4EBE-B145-C909ADBE32E8"}, {"criteria": "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBB77289-2AED-4BD4-9578-FEB0EC83701E"}, {"criteria": "cpe:2.3:a:mono:mono:1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA1D2C56-70EA-48F4-A3B3-1080DF8ABC5D"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7E03067-D1B7-427A-8800-A40DDAF466FE"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23B3DD31-D316-422F-A3E4-9C7D85E0F26C"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42E75C91-A3D2-479B-9F3F-B97BC75A5B57"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4299404-6C79-4B21-BB8C-115FA1E3AC28"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "944E7E22-41CA-4E2D-B31A-E602B41C34A0"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9F638AC-EBDC-4886-B798-42D12557573A"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE6384D7-7899-4D7F-B478-BDEDDA415054"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7DEAABB-265B-45B3-8A87-86EB5CCEAE5E"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E1B76E4-C12D-4BC6-8745-1AB5C5F32B53"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "919CAD10-2F17-4F94-8116-815E77F5E998"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F79FC32-28BB-44F7-AA6E-E15B24692483"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0546335-1EEF-4946-8B94-69F91697D511"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D24AC82-5BCE-4D9F-8DF1-24BE6C255553"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1A85E81-0778-46B1-A932-C14B6DC08A68"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82CA587E-7272-4C7C-90D3-D0CCBAA76348"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30593717-0C0E-4F05-8690-4A47CA724C20"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "723D4817-BB5F-4D65-9258-B0E2992F2738"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A986CA3E-05A4-4D42-86E4-A7AA3A20298B"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19877D33-5DBF-40D7-87CB-545558C64771"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29CFCD33-C188-409F-B07A-1F1A064894DD"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F64E7267-E010-4FC8-879A-448C85BC250B"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC4D32E8-B90B-432D-B6A3-5F9DDEECC206"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "683F75A5-E4E4-4416-8E1C-A2C694A30BA3"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E7AE533-E1E8-494F-BE86-0BFDF30AD3B1"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BB26E71-AC67-4B9E-BDAE-835DA8C2C443"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9252266-4293-49E3-9492-67F4AF80335B"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D22A05F-650E-484D-9F78-8C821EA103E0"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0034178B-13CC-43A0-BBBA-988EC558DA5B"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.16.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5014D928-E0E3-4B75-B4B8-44D193446505"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE2C11F2-2A21-481E-8350-F3777A0A8033"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFC21FA7-648F-4E41-962B-664140FA4812"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9788C5D4-ECD7-4F2E-BE0F-F4FFE626A3A3"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2"}, {"criteria": "cpe:2.3:a:mono:mono:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA4FE4B4-7514-460F-AD14-40184115092A"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AA11C84-3102-429E-951A-698CE023FDB0"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6003FD8-B371-44AE-B565-6205F68117A4"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE1FD98F-ED5D-4247-BC79-1FABC1684557"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87E41880-769F-499E-AFB3-62B78AB765F4"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F5558CC-9D71-472C-B9B5-20481A333AC3"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0895ECCA-B8B3-46BD-9ADE-258AAF205D90"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F3AB679-5630-4F0B-9DF7-D64AFA970D44"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC72C972-FF09-4A5D-9AD4-A422EDADF5AF"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28E60798-6722-4B4F-B06E-7C1E1FDF92EC"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66E14236-3F37-4047-A3EF-32E9923C35FD"}, {"criteria": "cpe:2.3:a:mono:mono:1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18C24C8F-0967-4C1B-8F19-696707C2064B"}, {"criteria": "cpe:2.3:a:mono:mono:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D28CEA5-CA8A-4830-A134-1589AD98B334"}, {"criteria": "cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4BB536F-79EB-42AF-B17B-49BE47CFC215"}, {"criteria": "cpe:2.3:a:mono:mono:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE2CA7F0-C5ED-450D-BAEE-300E27AAD13D"}, {"criteria": "cpe:2.3:a:mono:mono:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A08F0EFF-9F4D-4DD3-BD55-71F34B70648B"}, {"criteria": "cpe:2.3:a:mono:mono:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A12EEE2B-E956-4889-9C55-F23968C17E7D"}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E59557D-42A7-4189-97DD-45F31DC1AB6D"}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA6DFB1E-1DBD-459C-95FE-841253F4F6A6"}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E95734E0-1349-4C3C-9557-ADEEA1014C38"}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFBAA1F5-522B-4357-B9E8-FC15053C75A1"}, {"criteria": "cpe:2.3:a:mono:mono:2.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B25BDA5E-E1AB-4C9A-A53B-B8863F2A2A40"}, {"criteria": "cpe:2.3:a:mono:mono:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD925F27-45C0-4319-A199-433289742952"}, {"criteria": "cpe:2.3:a:mono:mono:2.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E8C5613-87D1-415D-B918-3CF64C0C40F2"}, {"criteria": "cpe:2.3:a:mono:mono:2.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73F75B9D-3DC1-4994-AB23-D0435C222910"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "sourceIdentifier": "secalert@redhat.com"}