oss-sec mailing list archives

Confusion around gksu & CVE-2014-2943


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Mon, 08 Sep 2014 18:36:06 -0700

Several sites identify CVE-2014-2943 as being a vulnerability in gksu:

https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu
http://www.securityfocus.com/bid/68427

But the Mitre & NVD databases use that CVE id for a different issue:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2943
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2943

Anyone know what the right CVE is for the gksu bug?

--
        -Alan Coopersmith-              alan.coopersmith () oracle com
         Oracle Solaris Engineering - http://blogs.oracle.com/alanc

