From http://www.openwall.com/lists/oss-security/2010/11/10/3: "http://www.mono-project.com/DllNotFoundException explains that the mono runtime searches the current working directory for DLLs. This opens a serious security hole. Malicious code can be given the same name as a DLL and left in a directory the user might visit. Also, it means that no mono application can safely set the current working directory. Microsoft themselves addressed this issue in Windows http://msdn.microsoft.com/en-us/library/ms682586(v=VS.85).aspx It's a well known "dummies" question for Unix why you must not have "." on your path http://www.unix.com/unix-dummies-questions-answers/22806-why-bad-idea-insert-dot-path.html Mono is exposing users to these same old hat problems. (As a related problem, many mono programs seem to *assume* that they will be run with the CWD set to their installed directory, and break if it isn't.)"
Mono 2.8.1 contains this fix and has been released upstream.
But if we are going to stabilize a newer mono version to fix this one, I would prefer to find time for backporting the patch to the mono-2.6 series, since I doubt mono-2.8 is ready to go stable.
Fixed packages have been stabilized via 352808 and, for ppc only, 359651. GLSA Vote: yes.
CVE-2010-4159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4159): Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
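A defender-side check for the untrusted search path problem described in the report and in the CVE text above. This is an added example, not code from Mono, Gentoo or the original thread. It flags search-path entries that resolve to the current working directory and lists library-like files in a directory that other users can write to. The set of variables audited, the suffix list and all function names are assumptions of this example.

```python
import os
import posixpath
import stat

# Search-path variables to audit. The selection is an assumption of this
# example; MONO_PATH is Mono's assembly search path.
SEARCH_VARS = ("PATH", "LD_LIBRARY_PATH", "MONO_PATH")
LIB_SUFFIXES = (".dll", ".so", ".dylib")


def risky_entries(value, sep=":"):
    """Return (index, entry, reason) for entries that point at the CWD."""
    findings = []
    for i, entry in enumerate(value.split(sep)):
        if entry == "":
            # PATH and LD_LIBRARY_PATH treat an empty entry as the CWD.
            findings.append((i, entry, "empty entry"))
        elif posixpath.normpath(entry) == ".":
            findings.append((i, entry, "current directory"))
        elif not posixpath.isabs(entry):
            findings.append((i, entry, "relative path"))
    return findings


def audit_env(env):
    """Map each search variable set in env to its risky entries, if any."""
    report = {}
    for name in SEARCH_VARS:
        hits = risky_entries(env[name]) if name in env else []
        if hits:
            report[name] = hits
    return report


def planted_library_candidates(directory):
    """List library-like files in a directory that other users can write to."""
    mode = os.stat(directory).st_mode
    if not mode & (stat.S_IWGRP | stat.S_IWOTH):
        return []
    return sorted(n for n in os.listdir(directory)
                  if n.lower().endswith(LIB_SUFFIXES) or ".so." in n.lower())


if __name__ == "__main__":
    # Constructed sample environment, not taken from the bug report.
    sample = {"PATH": "/usr/bin::/bin", "LD_LIBRARY_PATH": ".:/usr/lib",
              "MONO_PATH": "lib/mono"}
    for var, hits in audit_env(sample).items():
        for index, entry, reason in hits:
            print(f"{var}[{index}] = {entry!r}: {reason}")
    print(planted_library_candidates(os.getcwd()))
```

A non-empty result from `planted_library_candidates` is only a prompt to inspect the files; it does not by itself show that a process would load them.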
Vote: YES. Added to pending GLSA request.
This issue was resolved and addressed in GLSA 201206-13 at http://security.gentoo.org/glsa/glsa-201206-13.xml by GLSA coordinator Tobias Heinlein (keytoaster).