CVE-2006-5072 in Monoinfo

Summary

by MITRE

The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 04/23/2026

The vulnerability identified as CVE-2006-5072 affects the System.CodeDom.Compiler classes within Novell Mono, a cross-platform implementation of the Microsoft .NET Framework. This issue stems from the insecure handling of temporary files during code compilation processes, creating a significant security risk for systems running Mono applications. The flaw manifests when the compiler generates temporary files without proper permission settings, leaving them vulnerable to manipulation by local attackers who can exploit this weakness through symlink attacks.

The technical implementation of this vulnerability involves the Mono compiler's temporary file creation mechanism failing to establish appropriate file permissions that would prevent unauthorized access or modification. When the System.CodeDom.Compiler classes generate temporary files, they typically create these files with default permissions that may be overly permissive or lack proper access controls. This insecure file creation pattern enables local users to craft symbolic links that point to sensitive system files or directories, allowing them to either overwrite critical files with malicious content or execute arbitrary code with elevated privileges.

The operational impact of CVE-2006-5072 extends beyond simple privilege escalation, as it provides attackers with a means to compromise system integrity and potentially gain unauthorized access to sensitive data. The vulnerability specifically targets local users, meaning that an attacker must already have a valid account on the system to exploit it, but this limitation does not diminish the severity of the potential compromise. When successfully exploited, the symlink attack can result in arbitrary code execution, file overwrites, and potential privilege escalation depending on the context in which the Mono compiler is used. This weakness is particularly concerning in multi-user environments where different users may be running Mono applications that generate temporary files.

From a cybersecurity perspective, this vulnerability aligns with CWE-377, which addresses insecure temporary file creation practices, and demonstrates characteristics consistent with ATT&CK technique T1059.001 for command and script injection. The issue represents a classic example of insecure file handling that can be exploited through privilege escalation techniques, particularly in environments where Mono applications are frequently executed with elevated privileges or in contexts where temporary file manipulation could lead to system compromise. Organizations running Mono-based applications should consider this vulnerability as part of their broader security posture assessment, especially when evaluating the risk of local privilege escalation attacks. The vulnerability's remediation requires proper temporary file permission management and implementation of secure coding practices that ensure temporary files are created with appropriate access controls, preventing attackers from manipulating these files through symlink attacks.

Reservation

09/28/2006

Disclosure

10/10/2006

Moderation

accepted

Entry

VDB-32630

CPE

ready

EPSS

0.00449

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!