[Mono-dev] Redhat CVE-2010-1459

Paul paul at all-the-johnsons.co.uk
Mon May 31 12:04:41 EDT 2010


As one of the packagers for mono in Fedora, I've been alerted to a
security issue (detailed at
https://www.redhat.com/security/data/cve/CVE-2010-1459.html ). This
problem doesn't affect 2.6.4 but does affect older versions.

The EnableViewStateMac property in the default config of ASP.NET is set
to FALSE which can give attackers cross-site attack capabilities.

Is there a problem setting this value to TRUE as a quick fix or is there
a better solution?


Biggles was quietly reading his favourite book when Algy burst through
the door. Distracted for a moment, Biggles surveyed what had happened
and turned a page. "Algy old man" he said, clearing his throat, "use the
handle next time..." - Taken from "Biggles combs his Hair"
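
A configuration audit for the setting discussed in the message above, as an added example that is not part of the original post or of Mono's own code. It flags a disabled view state MAC in a web.config-style file (including `<location>` overrides) and in `@ Page` directives; the sample inputs are constructed, and `default_enabled` is an assumed parameter the caller sets to whatever the installed runtime uses when the attribute is absent.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any Mono release).
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <pages enableViewStateMac="false" />
  </system.web>
  <location path="admin">
    <system.web><pages enableViewStateMac="true" /></system.web>
  </location>
</configuration>"""
SAMPLE_ASPX = '<%@ Page Language="C#" EnableViewStateMac="false" %>\n<html></html>'

DIRECTIVE_RE = re.compile(
    r'<%@\s*Page\b[^%]*?\bEnableViewStateMac\s*=\s*"([^"]*)"', re.I)

def audit_config(xml_text, default_enabled):
    """Return [(scope, state)] for each system.web section in the file.

    default_enabled (assumption, supplied by the caller) is the value the
    runtime applies when <pages> or its enableViewStateMac attribute is absent.
    """
    findings = []

    def walk(node, scope):
        for child in node:
            if child.tag == "location":
                # <location path="..."> can override the setting per path.
                walk(child, child.get("path", "."))
            elif child.tag == "system.web":
                pages = child.find("pages")
                raw = pages.get("enableViewStateMac") if pages is not None else None
                on = default_enabled if raw is None else raw.strip().lower() == "true"
                findings.append((scope, "ok" if on else "MAC-DISABLED"))

    walk(ET.fromstring(xml_text), "<root>")
    return findings

def audit_page(aspx_text):
    """True if a @ Page directive explicitly turns the view state MAC off."""
    m = DIRECTIVE_RE.search(aspx_text)
    return bool(m) and m.group(1).strip().lower() == "false"

if __name__ == "__main__":
    for scope, state in audit_config(SAMPLE_WEB_CONFIG, default_enabled=False):
        print(f"{scope}: {state}")
    print("page directive disables MAC:", audit_page(SAMPLE_ASPX))
```
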
