GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Thu Jul 10, 2008 12:26 am Post subject: [ GLSA 200807-07 ] NX: User-assisted execution of arbitrary |
|
|
Gentoo Linux Security Advisory
Title: NX: User-assisted execution of arbitrary code (GLSA 200807-07)
Severity: normal
Exploitable: remote
Date: July 09, 2008
Bug(s): #230147
ID: 200807-07
Synopsis
NX uses code from the X.org X11 server which is prone to multiple
vulnerabilities.
Background
NoMachine's NX establishes remote connections to X11 desktops over
small bandwidth links. NX and NX Node are the compression core
libraries, whereas NX is used by FreeNX and NX Node by the binary-only
NX servers.
Affected Packages
Package: net-misc/nxnode
Vulnerable: < 3.2.0-r3
Unaffected: >= 3.2.0-r3
Architectures: All supported architectures
Package: net-misc/nx
Vulnerable: < 3.2.0-r2
Unaffected: >= 3.2.0-r2
Architectures: All supported architectures
Description
Multiple integer overflow and buffer overflow vulnerabilities have been
discovered in the X.Org X server as shipped by NX and NX Node (GLSA
200806-07).
Impact
A remote attacker could exploit these vulnerabilities via unspecified
vectors, leading to the execution of arbitrary code with the privileges
of the user on the machine running the NX server.
Workaround
There is no known workaround at this time.
Resolution
All NX Node users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.2.0-r3" |
All NX users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/nx-3.2.0-r2" |
References
GLSA 200806-07
Last edited by GLSA on Mon Jun 10, 2013 4:28 am; edited 3 times in total |
|