[VIM] IBM GCM16/32 v1.20.0.22575 vulnerabilities
Himanshu Mehta
Himanshu_Mehta at symantec.com
Tue Jul 22 06:10:07 CDT 2014
Hi George,
BID: 67352 was updated according to the CVE mentioned in Full Disclosure (http://seclists.org/fulldisclosure/2014/Jul/113). We cross-checked now and updated accordingly.
Thanks for bringing this to our notice.
Regards,
Himanshu Mehta
-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of George Theall
Sent: Tuesday, July 22, 2014 6:18 AM
To: Vulnerability Information Managers
Subject: [VIM] IBM GCM16/32 v1.20.0.22575 vulnerabilities
In a post to Full Disclosure (http://seclists.org/fulldisclosure/2014/Jul/113), Alejandro Alvarez today references CVE-2014-2085 for a remote code execution vulnerability in the IBM GCM KVM switch. That's been rejected by Mitre and the underlying issue merged into CVE-2014-2084 "because it is the same type of vulnerability and affects the same versions." And CVE-2014-2084 is for multiple information disclosure vulnerabilities in Skybox View Appliances.
It looks like SecurityFocus merged the IBM GCM KVM switch issue into BID 67352 today. Other than referencing CVE-2014-2085, the issues covered by the BID seem totally unrelated to the RCE reported today by Alvarez. Himanshu / Dinesh / Narayan / Venkat / Rob: would you explain the thinking behind this merge?
George
--
theall at tenable.com