Candidate: CVE-2010-4254
PublicDate: 2010-12-06 13:44:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4254
Description:
 Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used,
 does not properly validate arguments to generic methods, which allows
 remote attackers to bypass generic constraints, and possibly execute
 arbitrary code, via a crafted method call.
Ubuntu-Description:
Notes:
 mdeslaur> upstream note: The bug (and fix) is in mono source code but can
 mdeslaur> only be exploited (by untrusted applications) when used by
 mdeslaur> Moonlight.
 mdeslaur> Setting severity to negligible.
Bugs:
 https://bugs.edge.launchpad.net/ubuntu/+source/moon/+bug/691780
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608288
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:

Patches_mono:
 upstream: https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
 upstream: https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
 upstream: https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac
upstream_mono: released (2.6.7-5)
dapper_mono: ignored (reached end-of-life)
hardy_mono: ignored (moonlight plugin not available)
karmic_mono: ignored (reached end-of-life)
lucid_mono: ignored (reached end-of-life)
maverick_mono: ignored (reached end-of-life)
natty_mono: not-affected (2.6.7-5ubuntu2)
oneiric_mono: not-affected (2.6.7-5ubuntu2)
precise_mono: not-affected (2.6.7-5ubuntu2)
quantal_mono: not-affected (2.6.7-5ubuntu2)
raring_mono: not-affected (2.6.7-5ubuntu2)
devel_mono: not-affected (2.6.7-5ubuntu2)