Mono 'loader.c' Library Loading Local Privilege Escalation Vulnerability

Risk: Medium
Local: Yes
Remote: No
CWE: CWE-Other

CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-us) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 explains that the mono runtime searches the current working directory for DLLs. This opens a serious security hole. Malicious code can be given the same name as a DLL and left in a directory the user might visit. Also, it means that no mono application can safely set the current working directory. Microsoft themselves addressed this issue in Windows It's a well known "dummies" question for Unix why you must not have "." on your path Mono is exposing users to these same old hat problems. (As a related problem, many mono programs seem to *assume* that they will be run with the CWD set to their installed directory, and break if it isn't.) Reproducible: Always Steps to Reproduce: 1. 2. 3.


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021,


Back to Top