Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 15 Oct 2009 23:58:05 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: thomas@...e.de
Subject: Re: CVE request: local root via setuid VBoxNetAdpCtl


On Tue, 13 Oct 2009, Tomas Hoger wrote:

> On Tue, 13 Oct 2009 08:38:40 +0200 Thomas Biege <thomas@...e.de> wrote:
>
> > this one needs two CVE-IDs:
> > - shell meta char injection in popen()
> > - possible buffer overflow in strncpy()
> >
> > http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1
>
> I believe that the following got assigned for these independently of
> this request:
>
> CVE-2009-3692
> Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in
> Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X
> allows local users to gain privileges via unknown vectors.

OK, let's do this:

CVE-2009-3692 can be "recast" so that it only addresses the shell metachar
injection in popen.

I've assigned a new CVE-2009-3704 to concentrate only on the strncpy().
Any thoughts on exploitability might be nice.

Regarding http://www.virtualbox.org/wiki/Changelog this URL is generic:
"fixed vulnerability that allowed to execute commands with root
privileges."  This implies only one problem, not too.  Are we sure that
the changelog addresses both problems?

- Steve




> http://www.virtualbox.org/wiki/Changelog
> http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1
> http://www.securityfocus.com/bid/36604
> http://www.osvdb.org/58652
> http://securitytracker.com/id?1022990
> http://secunia.com/advisories/36929
> http://www.vupen.com/english/advisories/2009/2845
> http://xforce.iss.net/xforce/xfdb/53671
>
> I know this does not satisfy your request, it's rather a heads-up to
> avoid duplicate assignment.
>
> --
> Tomas Hoger / Red Hat Security Response Team
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.