GLSA Advocate
Posted: Mon Oct 28, 2013 2:26 pm Post subject: [ GLSA 201310-19 ] X2Go Server: Arbitrary code execution
Gentoo Linux Security Advisory
Title: X2Go Server: Arbitrary code execution (GLSA 201310-19)
Severity: high
Exploitable: remote
Date: October 28, 2013
Bug(s): #472582
ID: 201310-19
Synopsis
A path vulnerability in X2Go Server may allow remote execution of
arbitrary code.
Background
X2Go is an open source terminal server project.
Affected Packages
Package: net-misc/x2goserver
Vulnerable: < 4.0.0.2
Unaffected: >= 4.0.0.2
Architectures: All supported architectures
Description
The setgid wrapper x2gosqlitewrapper.c does not hardcode the internal
path to x2gosqlitewrapper.pl, allowing a remote attacker to change
that path.
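
The difference between a caller-influenced helper path and a hardcoded one in a privileged wrapper, as an added illustration that is not code from X2Go Server or from this advisory. The advisory does not say how the wrapper located the script; deriving it from argv[0] is used here only as a generic instance of a non-hardcoded path, and `/usr/lib/x2go/` is a hypothetical install location.

```c
/* Added illustration; not code from X2Go Server. */
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define HELPER_NAME "x2gosqlitewrapper.pl"
/* Hypothetical install path, fixed at build time (assumption). */
#define HELPER_PATH "/usr/lib/x2go/" HELPER_NAME

/* Weak pattern: the helper is looked up next to argv[0], which the
 * invoking process chooses freely. Returns 0 on success, -1 on overflow. */
int resolve_from_argv0(const char *argv0, char *out, size_t len)
{
    char tmp[4096];
    if (strlen(argv0) >= sizeof tmp)
        return -1;
    strcpy(tmp, argv0);               /* dirname() may modify its argument */
    int n = snprintf(out, len, "%s/%s", dirname(tmp), HELPER_NAME);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Hardened pattern: a compile-time constant; no caller input is consulted. */
const char *resolve_hardcoded(void)
{
    return HELPER_PATH;
}

/* Run the helper from the fixed path with a minimal, fixed environment so
 * the interpreter inherits no search-path variables from the caller. */
int exec_helper(char *const argv[])
{
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    execve(resolve_hardcoded(), argv, envp);
    return -1;                        /* reached only if execve() failed */
}

int main(int argc, char **argv)
{
    char weak[4096];
    (void)argc;
    if (resolve_from_argv0(argv[0], weak, sizeof weak) == 0)
        printf("argv[0]-derived: %s\n", weak);
    printf("hardcoded:       %s\n", resolve_hardcoded());
    return 0;
}
```
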
Impact
A remote attacker may be able to execute arbitrary code with the
privileges of the user running the server process.
Workaround
There is no known workaround at this time.
Resolution
All X2Go Server users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/x2goserver-4.0.0.2"
References
CVE-2013-4376