Summary: | <app-emulation/virtualbox-{bin,ose}-3.0.8: Security Vulnerability in the VBoxNetAdpCtl Configuration Tool (CVE-2009-3692) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Martin Alexander Neumann <hotpotatorouting> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | andrey.vihrov, jokey, patrick, swapon |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1 | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 289618 | ||
Bug Blocks: | 280052 |
Description
Martin Alexander Neumann
2009-10-13 08:29:09 UTC
CVE-2009-3692 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3692): Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. What about the OSE edition? CVE-2009-3704 (http://seclists.org/oss-sec/2009/q4/43) >>> Install virtualbox-ose-3.0.8 into /var/tmp/portage/app-emulation/virtualbox-ose-3.0.8/image/ category app-emulation
install: cannot stat `vboxwebsrv': No such file or directory
!!! doins: vboxwebsrv does not exist
USE=vboxwebsrv fails.
(In reply to comment #2) > What about the OSE edition? > OSE is also affected. Opened up bug 289307 for OSE. (In reply to comment #4) > >>> Install virtualbox-ose-3.0.8 into /var/tmp/portage/app-emulation/virtualbox-ose-3.0.8/image/ category app-emulation > install: cannot stat `vboxwebsrv': No such file or directory > !!! doins: vboxwebsrv does not exist > > USE=vboxwebsrv fails. > hi, which version of net-libs/gsoap are you using? the compilation of vboxwebsrv is often afflicted by problems on gsoap, vboxwebsrv compiles here with net-libs/gsoap-2.7.13 (still masked) i just updated the virtualbox-ose ebuild (3.0.8-r1) on jokey's overlay[1], it includes fix for this and other minor issues (details on ChangeLog) [1] http://overlays.gentoo.org/dev/jokey *** Bug 289307 has been marked as a duplicate of this bug. *** I added the -r1 of ose from jokey's overlay to the tree. To be stabilised x11-drivers/xf86-video-virtualbox x11-drivers/xf86-input-virtualbox app-emulation/virtualbox-ose-additions app-emulation/virtualbox-ose app-emulation/virtualbox-modules app-emulation/virtualbox-guest-additions app-emulation/virtualbox-bin Everything in version 3.0.8 *** Bug 285451 has been marked as a duplicate of this bug. *** (In reply to comment #9) > Everything in version 3.0.8 Except -r1 for ose of course. x86 stable amd64: *ping* amd64 stable, all arches done. GLSA request filed. Old versions dropped. GLSA 201001-04, thanks everyone. |