Date: Tue, 13 Oct 2009 12:14:27 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: thomas@...e.de
Subject: Re: CVE request: local root via setuid VBoxNetAdpCtl

On Tue, 13 Oct 2009 08:38:40 +0200 Thomas Biege <thomas@...e.de> wrote:

> this one needs two CVE-IDs:
> - shell meta char injection in popen()
> - possible buffer overflow in strncpy()
> 
> http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1

I believe that the following got assigned for these independently of
this request:

CVE-2009-3692
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in
Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X
allows local users to gain privileges via unknown vectors.

http://www.virtualbox.org/wiki/Changelog
http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1
http://www.securityfocus.com/bid/36604
http://www.osvdb.org/58652
http://securitytracker.com/id?1022990
http://secunia.com/advisories/36929
http://www.vupen.com/english/advisories/2009/2845
http://xforce.iss.net/xforce/xfdb/53671

I know this does not satisfy your request, it's rather a heads-up to
avoid duplicate assignment.

-- 
Tomas Hoger / Red Hat Security Response Team
