Bug 159886 - dev-lang/mono <1.2.2.1: information disclosure with %20 (CVE-2006-6104)
Bug#: 159886 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: minor Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: compnerd@gentoo.org
Component: Vulnerabilities
URL: 
Summary: dev-lang/mono <1.2.2.1: information disclosure with %20 (CVE-2006-6104)
Keywords:  
Status Whiteboard: B4? [glsa]
Opened: 2007-01-03 11:47 0000
Description:   Opened: 2007-01-03 11:47 0000 
This addresses a security issue (CVE-2006-6104) and is a *MUCH* improved
version.

------- Comment #1 From Matthias Geerdsen 2007-01-06 13:43:48 0000 ------- 
i am hijacking this bug for security, since this fixes a security issue

compnerd, pls assign security issues to the security team... we will handle
stable marking

no need to restrict this bug either, since the issue is public and arch teams
cannot access it this way

------- Comment #2 From Raúl Porcel 2007-01-06 17:14:34 0000 ------- 
In x86:

Emerges and seems to work.

However: 
Running eautoreconf in '/var/tmp/portage/mono-1.2.2.1/work/mono-1.2.2.1/libgc'
...
QA Notice: ${WANT_AUTOCONF} variable unset. Please report on
http://bugs.gentoo.org/
QA Notice: ${WANT_AUTOMAKE} variable unset. Please report on
http://bugs.gentoo.org/

Portage 2.1.1-r2 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4,
2.6.18-gentoo-r6 i686)
=================================================================
System uname: 2.6.18-gentoo-r6 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.12.6
Last Sync: Sat, 06 Jan 2007 09:50:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-tbird -mtune=athlon-tbird  -O2 -pipe
-fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=athlon-tbird -mtune=athlon-tbird  -O2 -pipe
-fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks metadata-transfer sandbox
sfperms strict"
GENTOO_MIRRORS="ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ "
LC_ALL="en_US.ISO-8859-15"
MAKEOPTS="-j2"
PKGDIR="/tmp/lea/var/tmp/binpkgs"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --dele
te --delete-after --stats --timeout=180 --exclude='/distfiles'
--exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/layman/sunrise"
SYNC="rsync://rsync.belnet.be/packages/gentoo-portage"
USE="x86 X alsa_cards_pcsp alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw
alsa_pcm_plugins_asym alsa_pcm_plug
ins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop
alsa_pcm_plugins_empty alsa_
pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks
alsa_pcm_plugins_iec958 alsa_pcm_plugins_i
oplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear
alsa_pcm_plugins_meter alsa_p
cm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null
alsa_pcm_plugins_plug alsa_pcm_plugins_rate a
lsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm
alsa_pcm_plugins_softvol bitmap-fonts bzi
p2 cairo cdr cli cracklib crypt dbus dlloader dri dvd dvdr eds elibc_glibc
emboss encode fam firefox fortra
n gif gpm gstreamer gtk hal iconv input_devices_evdev input_devices_keyboard
input_devices_mouse isdnlog jp
eg kernel_linux ldap libg++ mad mikmod mp3 mpeg ncurses nptl nptlonly ogg
opengl pam pcre perl png ppds ppp
d python qt3 qt4 quicktime readline reflection sdl session spell spl ssl tcpd
truetype truetype-fonts type1
-fonts udev unicode userland_GNU video_cards_vesa vorbis win32codecs xml xorg
xv zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #3 From Christian Faulhammer 2007-01-06 18:58:26 0000 ------- 
x86 does the monkey

------- Comment #4 From Tobias Scherbaum 2007-01-08 19:54:16 0000 ------- 
ppc stable

------- Comment #5 From Michael Cummings (RETIRED) 2007-01-09 00:32:21 0000 ------- 
I could not get this package to pass the test phase - is it supposed to?
Looking at the portage log I see a lot of reference to /root/.config - eh? It
builds and installs, but does not pass testing. Do you have any example apps I
can run against it to confirm it's working?

------- Comment #6 From Sune Kloppenborg Jeppesen 2007-01-09 08:32:01 0000 ------- 
dotnet, please advise.

------- Comment #7 From Saleem Abdulrasool (RETIRED) 2007-01-11 06:13:52 0000 ------- 
You could try many of the various dot-net apps in portage (tomboy, muine,
blam), as anything we give you would most likely be of little value.

------- Comment #8 From Olivier Crete 2007-01-14 03:00:57 0000 ------- 
stable on amd64.... 
the tests fail.... if its ok.. please use RESTRICT=test.... otherwise fix it ;)

------- Comment #9 From Olivier Crete 2007-01-14 03:11:54 0000 ------- 
oops

------- Comment #10 From Raphael Marichez 2007-01-14 17:37:16 0000 ------- 
Thanks everybody, everything is ok now AFAIK, now it's time to vote for a GLSA
or not.

I vote for a GLSA because the exploit is trivial and can have severe
consequences (disclosure of passwords, etc)

------- Comment #11 From Sune Kloppenborg Jeppesen 2007-01-14 18:42:19 0000 ------- 
I vote YES.

------- Comment #12 From Matt Drew 2007-01-14 18:48:44 0000 ------- 
padawan /vote YES

------- Comment #13 From Raphael Marichez 2007-01-17 21:48:34 0000 ------- 
GLSA 200701-12