Date: Tue, 13 Oct 2009 12:14:27 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: thomas@...e.de
Subject: Re: CVE request: local root via setuid VBoxNetAdpCtl

On Tue, 13 Oct 2009 08:38:40 +0200 Thomas Biege <thomas@...e.de> wrote:

> this one needs two CVE-IDs:
> - shell meta char injection in popen()
> - possible buffer overflow in strncpy()
>
> http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1

I believe that the following got assigned for these independently of
this request:

CVE-2009-3692
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in
Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X
allows local users to gain privileges via unknown vectors.

http://www.virtualbox.org/wiki/Changelog
http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1
http://www.securityfocus.com/bid/36604
http://www.osvdb.org/58652
http://securitytracker.com/id?1022990
http://secunia.com/advisories/36929
http://www.vupen.com/english/advisories/2009/2845
http://xforce.iss.net/xforce/xfdb/53671

I know this does not satisfy your request, it's rather a heads-up to
avoid duplicate assignment.

--
Tomas Hoger / Red Hat Security Response Team