oss-sec mailing list archives
Re: Confusion around gksu & CVE-2014-2943
From: cve-assign () mitre org
Date: Fri, 12 Sep 2014 14:43:05 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Several sites identify CVE-2014-2943 as being a vulnerability in gksu: https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu http://www.securityfocus.com/bid/68427 But the Mitre & NVD databases use that CVE id for a different issue: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2943 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2943
Anyone know what the right CVE is for the gksu bug?
MITRE has been working on this for a few days but unfortunately hasn't received a definitive reply about the gksu CVE ID. For now, all we can say is that CVE-2014-2943 is currently a correct CVE ID for a Cobham Aviator satellite terminal issue. The correct CVE ID for the gksu issue is not CVE-2014-2943. We hope to resolve this by early next week. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUEz5FAAoJEKllVAevmvmsB60IAKFE/iYOcjmhuE42YPEsC+1E Dq+ws8Epwurvn/v34WjpvxjZbdX5HApN8JBTaaM8u3n3cZXQFrAiWVc+NNCGVcFt uvQb/jx2SbsVrpaxvMebCws1CXm+LzNMRmPzhKWBl2NRWARb1OU0nwYc9NEIrFN5 4Juj0MiQ8tFSqZ0FREjJZ+k34lNkDW0+MtEAWD2qpAeLWYmcbemBLol5SnIb7B3k 9vAD56hcWBIATqh0KoihRLOg4phmnAyCrlB3mmRaUUzhpuz9XdSQVCgnrsHSCZgm qROKGv2UzrEZXfCF+KFnmji6dfNyBe12b/3GINftVopNlPl/Wiiypccr/jTZHLk= =9w8L -----END PGP SIGNATURE-----
Current thread:
- Confusion around gksu & CVE-2014-2943 Alan Coopersmith (Sep 08)
- Re: Confusion around gksu & CVE-2014-2943 cve-assign (Sep 12)
- Re: Confusion around gksu & CVE-2014-2943 cve-assign (Sep 17)