oss-sec mailing list archives

Re: Confusion around gksu & CVE-2014-2943


From: cve-assign () mitre org
Date: Fri, 12 Sep 2014 14:43:05 -0400 (EDT)

> Several sites identify CVE-2014-2943 as being a vulnerability in gksu:
>
> https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu
> http://www.securityfocus.com/bid/68427
>
> But the Mitre & NVD databases use that CVE id for a different issue:
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2943
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2943
>
> Anyone know what the right CVE is for the gksu bug?

MITRE has been working on this for a few days but unfortunately hasn't
received a definitive reply about the gksu CVE ID. For now, all we can
say is that CVE-2014-2943 is currently a correct CVE ID for a Cobham
Aviator satellite terminal issue. The correct CVE ID for the gksu
issue is not CVE-2014-2943. We hope to resolve this by early next
week.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]