CVE-2010-4254 (GCVE-0-2010-4254)
Vulnerability from cvelistv5
Published
2010-12-03 20:00
Modified
2024-08-07 03:34
Severity ?
CWE
  • n/a
Summary
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
References
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
secalert@redhat.com http://secunia.com/advisories/42373 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/42877
secalert@redhat.com http://www.exploit-db.com/exploits/15974
secalert@redhat.com http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability
secalert@redhat.com http://www.securityfocus.com/bid/45051
secalert@redhat.com http://www.vupen.com/english/advisories/2011/0076
secalert@redhat.com https://bugzilla.novell.com/show_bug.cgi?id=654136
secalert@redhat.com https://bugzilla.novell.com/show_bug.cgi?id=655847
secalert@redhat.com https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399 Patch
secalert@redhat.com https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358 Patch
secalert@redhat.com https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac Patch
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:37.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2011:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
          },
          {
            "name": "42373",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42373"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
          },
          {
            "name": "15974",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15974"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
          },
          {
            "name": "42877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42877"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
          },
          {
            "name": "45051",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45051"
          },
          {
            "name": "ADV-2011-0076",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0076"
          },
          {
            "name": "SUSE-SR:2010:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-01-15T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SR:2011:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
        },
        {
          "name": "42373",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42373"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
        },
        {
          "name": "15974",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15974"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
        },
        {
          "name": "42877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42877"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
        },
        {
          "name": "45051",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45051"
        },
        {
          "name": "ADV-2011-0076",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0076"
        },
        {
          "name": "SUSE-SR:2010:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4254",
    "datePublished": "2010-12-03T20:00:00",
    "dateReserved": "2010-11-16T00:00:00",
    "dateUpdated": "2024-08-07T03:34:37.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

