Date: Thu, 15 Oct 2009 23:58:05 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: thomas@...e.de
Subject: Re: CVE request: local root via setuid VBoxNetAdpCtl


On Tue, 13 Oct 2009, Tomas Hoger wrote:

> On Tue, 13 Oct 2009 08:38:40 +0200 Thomas Biege <thomas@...e.de> wrote:
>
> > this one needs two CVE-IDs:
> > - shell meta char injection in popen()
> > - possible buffer overflow in strncpy()
> >
> > http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1
>
> I believe that the following got assigned for these independently of
> this request:
>
> CVE-2009-3692
> Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in
> Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X
> allows local users to gain privileges via unknown vectors.

OK, let's do this:

CVE-2009-3692 can be "recast" so that it only addresses the shell metachar
injection in popen.

I've assigned a new CVE-2009-3704 to concentrate only on the strncpy().
Any thoughts on exploitability might be nice.

Regarding http://www.virtualbox.org/wiki/Changelog this URL is generic:
"fixed vulnerability that allowed to execute commands with root
privileges."  This implies only one problem, not two.  Are we sure that
the changelog addresses both problems?

- Steve




> http://www.virtualbox.org/wiki/Changelog
> http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1
> http://www.securityfocus.com/bid/36604
> http://www.osvdb.org/58652
> http://securitytracker.com/id?1022990
> http://secunia.com/advisories/36929
> http://www.vupen.com/english/advisories/2009/2845
> http://xforce.iss.net/xforce/xfdb/53671
>
> I know this does not satisfy your request, it's rather a heads-up to
> avoid duplicate assignment.
>
> --
> Tomas Hoger / Red Hat Security Response Team
>
