CVE-2006-5072

Name of the Vulnerable Software and Affected Versions mono (affected versions not specified) mono-core (affected versions not specified) mono-core-32bit (affected versions not specified) mono-core-x86 (affected versions not specified) mono-data (affected versions not specified) mono-data-sqlite (affected versions not specified) mono-data-sybase (affected versions not specified) mono-devel (affected versions not specified) mono-extras (affected versions not specified) mono-ikvm (affected versions not specified) mono-jscript (affected versions not specified) mono-locale-extras (affected versions not specified) mono-nunit (affected versions not specified) mono-web (affected versions not specified) mono-winforms (affected versions not specified) bytefx-data-mysql (affected versions not specified) mono-basic (affected versions not specified)

Description The issue affects multiple packages of the mono operating system, including SUSE Linux Enterprise and openSUSE, allowing for remote exploitation. This can lead to a breach of confidentiality, integrity, and availability of protected information. The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, enabling local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.