Date: Mon, 08 Sep 2014 18:36:06 -0700 From: Alan Coopersmith <alan.coopersmith@...cle.com> To: oss-security@...ts.openwall.com Subject: Confusion around gksu & CVE-2014-2943 Several sites identify CVE-2014-2943 as being a vulnerability in gksu: https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu http://www.securityfocus.com/bid/68427 But the Mitre & NVD databases use that CVE id for a different issue: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2943 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2943 Anyone know what the right CVE is for the gksu bug? -- -Alan Coopersmith- alan.coopersmith@...cle.com Oracle Solaris Engineering - http://blogs.oracle.com/alanc
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ