Message-ID: <20091013121427.1f4e6892@redhat.com>
Date: Tue, 13 Oct 2009 12:14:27 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: thomas@...e.de
Subject: Re: CVE request: local root via setuid VBoxNetAdpCtl

On Tue, 13 Oct 2009 08:38:40 +0200 Thomas Biege <thomas@...e.de> wrote:

> this one needs two CVE-IDs:
> - shell meta char injection in popen()
> - possible buffer overflow in strncpy()
> 
> http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1

I believe that the following got assigned for these independently of
this request:

CVE-2009-3692
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in
Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X
allows local users to gain privileges via unknown vectors.

http://www.virtualbox.org/wiki/Changelog
http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1
http://www.securityfocus.com/bid/36604
http://www.osvdb.org/58652
http://securitytracker.com/id?1022990
http://secunia.com/advisories/36929
http://www.vupen.com/english/advisories/2009/2845
http://xforce.iss.net/xforce/xfdb/53671

I know this does not satisfy your request, it's rather a heads-up to
avoid duplicate assignment.

-- 
Tomas Hoger / Red Hat Security Response Team
