Joined: 12 May 2004
|Posted: Mon Oct 28, 2013 2:26 pm Post subject: [ GLSA 201310-19 ] X2Go Server: Arbitrary code execution
|Gentoo Linux Security Advisory
Title: X2Go Server: Arbitrary code execution (GLSA 201310-19)
Date: October 28, 2013
A path vulnerability in X2Go Server may allow remote execution of
X2Go is an open source terminal server project.
Vulnerable: < 18.104.22.168
Unaffected: >= 22.214.171.124
Architectures: All supported architectures
A vulnerability in the setgid wrapper x2gosqlitewrapper.c does not
hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote
attacker to change that path.
A remote attacker may be able to execute arbitrary code with the
privileges of the user running the server process.
There is no known workaround at this time.
All X2Go Server users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/x2goserver-126.96.36.199"