CVE-2007-5197: Buffer Overflow
First published: Fri Nov 02 2007(Updated: )
<a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197">http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197</a> "Buffer overflow in the Mono.Math.BigInteger class in Mono allows context-dependent attackers to execute arbitrary code via unspecified vectors." Patch extracted from Debian's 1.2.2.1-1etch1 patchkit (attached) seems to apply to 1.2.5.1 in devel with some line offsets, I have done no further analysis.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/1.2.5.1 | <2. | 2. |
| SUSE Linux Openexchange Server | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| openSUSE | =10.2 | |
| openSUSE | =10.3 | |
| SUSE Linux | =1.0 | |
| SUSE Linux | =8 | |
| SUSE Linux | =8.0 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =10 | |
| SUSE Linux | =10 | |
| SUSE Linux | =10-sp1 | |
| SUSE Linux | =10.0 | |
| SUSE Linux | =10.0 | |
| SUSE Linux | =10.0 | |
| SUSE Linux | =10.0 | |
| SUSE Linux | =10.0 | |
| SUSE Linux | =10.1 | |
| SUSE Linux | =10.1 | |
| SUSE Linux | =10.1 | |
| SUSE Linux | =10.1 | |
| SUSE Linux | =10.1 | |
| SUSE Linux | =10.2 | |
| SUSE Linux | =10.2 | |
| suse suse united linux | =1.0 | |
| Mono | <=1.2.5.1 | |
| Mono | =1.0 | |
| Mono | =1.0.5 | |
| Mono | =1.1.4 | |
| Mono | =1.1.8.3 | |
| Mono | =1.1.13 | |
| Mono | =1.1.13.4 | |
| Mono | =1.1.13.6 | |
| Mono | =1.1.13.7 | |
| Mono | =1.1.17 | |
| Mono | =1.1.17.1 | |
| Mono | =1.1.18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.novell.com/linux/security/advisories/2007_23_sr.html
- http://www.securityfocus.com/bid/26279
- http://bugs.gentoo.org/attachment.cgi?id=134361&action=view
- http://bugs.gentoo.org/show_bug.cgi?id=197067
- https://bugzilla.redhat.com/show_bug.cgi?id=367471
- http://www.debian.org/security/2007/dsa-1397
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html
- http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:218
- http://www.ubuntu.com/usn/usn-553-1
- http://www.securitytracker.com/id?1018892
- http://secunia.com/advisories/27493
- http://secunia.com/advisories/27511
- http://secunia.com/advisories/27583
- http://secunia.com/advisories/27612
- http://secunia.com/advisories/27639
- http://secunia.com/advisories/27439
- http://secunia.com/advisories/27937
- http://www.vupen.com/english/advisories/2007/3716
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38248
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=248611&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=248611&action=edit
- https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3130
- https://admin.fedoraproject.org/updates/F8/FEDORA-2007-2969
Frequently Asked Questions
What is the severity of CVE-2007-5197?
CVE-2007-5197 has been classified with a high severity due to its potential to allow execution of arbitrary code through a buffer overflow.
How do I fix CVE-2007-5197?
To fix CVE-2007-5197, upgrade Mono to a patched version that addresses the buffer overflow vulnerability.
Which versions of Mono are affected by CVE-2007-5197?
CVE-2007-5197 affects Mono versions up to and including 1.2.5.1.
What type of vulnerability is CVE-2007-5197?
CVE-2007-5197 is a buffer overflow vulnerability found in the Mono.Math.BigInteger class.
Can this vulnerability be exploited remotely in CVE-2007-5197?
Yes, CVE-2007-5197 can potentially be exploited by remote, context-dependent attackers.
- collector/nvd-historical
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2007-5197
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/suse
- canonical/suse linux openexchange server
- version/suse linux openexchange server/4.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/4.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/10.2
- version/opensuse/10.3
- canonical/suse linux
- version/suse linux/1.0
- version/suse linux/8
- version/suse linux/8.0
- version/suse linux/9.0
- version/suse linux/10
- version/suse linux/10-sp1
- version/suse linux/10.0
- version/suse linux/10.1
- version/suse linux/10.2
- canonical/suse suse united linux
- version/suse suse united linux/1.0
- vendor/mono
- canonical/mono
- version/mono/1.2.5.1
- version/mono/1.0
- version/mono/1.0.5
- version/mono/1.1.4
- version/mono/1.1.8.3
- version/mono/1.1.13
- version/mono/1.1.13.4
- version/mono/1.1.13.6
- version/mono/1.1.13.7
- version/mono/1.1.17
- version/mono/1.1.17.1
- version/mono/1.1.18