Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 08 Sep 2014 18:36:06 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Confusion around gksu & CVE-2014-2943

Several sites identify CVE-2014-2943 as being a vulnerability in gksu:

https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu
http://www.securityfocus.com/bid/68427

But the Mitre & NVD databases use that CVE id for a different issue:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2943
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2943

Anyone know what the right CVE is for the gksu bug?

-- 
	-Alan Coopersmith-              alan.coopersmith@...cle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ