oss-sec mailing list archives
Confusion around gksu & CVE-2014-2943
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Mon, 08 Sep 2014 18:36:06 -0700
Several sites identify CVE-2014-2943 as being a vulnerability in gksu: https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu http://www.securityfocus.com/bid/68427 But the Mitre & NVD databases use that CVE id for a different issue: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2943 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2943 Anyone know what the right CVE is for the gksu bug? -- -Alan Coopersmith- alan.coopersmith () oracle com Oracle Solaris Engineering - http://blogs.oracle.com/alanc
Current thread:
- Confusion around gksu & CVE-2014-2943 Alan Coopersmith (Sep 08)
- Re: Confusion around gksu & CVE-2014-2943 cve-assign (Sep 12)
- Re: Confusion around gksu & CVE-2014-2943 cve-assign (Sep 17)