oss-sec mailing list archives
Re: CVE request: local root via setuid VBoxNetAdpCtl
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 15 Oct 2009 23:58:05 -0400 (EDT)
On Tue, 13 Oct 2009, Tomas Hoger wrote:
On Tue, 13 Oct 2009 08:38:40 +0200 Thomas Biege <thomas () suse de> wrote:this one needs two CVE-IDs: - shell meta char injection in popen() - possible buffer overflow in strncpy() http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1I believe that the following got assigned for these independently of this request: CVE-2009-3692 Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.
OK, let's do this: CVE-2009-3692 can be "recast" so that it only addresses the shell metachar injection in popen. I've assigned a new CVE-2009-3704 to concentrate only on the strncpy(). Any thoughts on exploitability might be nice. Regarding http://www.virtualbox.org/wiki/Changelog this URL is generic: "fixed vulnerability that allowed to execute commands with root privileges." This implies only one problem, not too. Are we sure that the changelog addresses both problems? - Steve
http://www.virtualbox.org/wiki/Changelog http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1 http://www.securityfocus.com/bid/36604 http://www.osvdb.org/58652 http://securitytracker.com/id?1022990 http://secunia.com/advisories/36929 http://www.vupen.com/english/advisories/2009/2845 http://xforce.iss.net/xforce/xfdb/53671 I know this does not satisfy your request, it's rather a heads-up to avoid duplicate assignment. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE request: local root via setuid VBoxNetAdpCtl Thomas Biege (Oct 12)
- Re: CVE request: local root via setuid VBoxNetAdpCtl Tomas Hoger (Oct 13)
- Re: CVE request: local root via setuid VBoxNetAdpCtl Steven M. Christey (Oct 15)
- Re: CVE request: local root via setuid VBoxNetAdpCtl Tomas Hoger (Oct 13)