oss-sec mailing list archives

CVE request: X2Go server


From: Chris Reffett <creffett () gentoo org>
Date: Tue, 24 Sep 2013 14:33:08 -0400

Hi all,
I couldn't find a CVE, so I would like to request one for a
vulnerability in X2Go Server. The vendor reported an issue where a
remote user could execute arbitrary code as the x2go user, apparently by
leveraging a setgid executable which did not have a hardcoded path to
"libx2go-server-db-sqlite3-wrapper.pl". [1] is the commit fixing the
vulnerable code, [2] is the upstream release announcement.

Thanks,
Chris Reffett


[1]
http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=42264c88d7885474ebe3763b2991681ddfcfa69a
[2]
https://lists.berlios.de/pipermail/x2go-announcement/2013-May/000125.html
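
Added example, not part of the original message and not X2Go's code: a C sketch of the class of bug described above, showing a setgid wrapper that locates its helper script relative to caller-supplied argv[0] next to one that uses a compile-time absolute path and a scrubbed environment. The install paths, the function names and the argv[0]-based lookup are assumptions chosen for illustration; the message does not say how the vulnerable wrapper resolved the script.

```c
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Placeholder install paths: assumptions for this example, not from the X2Go tree. */
#define PERL_BIN     "/usr/bin/perl"
#define SCRIPT_NAME  "libx2go-server-db-sqlite3-wrapper.pl"
#define SCRIPT_FIXED "/usr/lib/x2go/" SCRIPT_NAME

/* Risky pattern: look for the script next to argv[0]. argv[0] is set by
 * whoever calls exec(), so the resolved path is not under the wrapper's control. */
int script_from_argv0(const char *argv0, char *out, size_t outlen)
{
    char tmp[4096];
    if (strlen(argv0) >= sizeof tmp) return -1;
    strcpy(tmp, argv0);                      /* dirname() may modify its argument */
    int n = snprintf(out, outlen, "%s/%s", dirname(tmp), SCRIPT_NAME);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hardened pattern: the path is a compile-time constant; argv[0] is ignored. */
const char *script_fixed(const char *argv0)
{
    (void)argv0;
    return SCRIPT_FIXED;
}

/* Hardened launch: absolute interpreter and script, execve() (no PATH search),
 * and a minimal environment so the caller's PATH, PERL5LIB, PERL5OPT are dropped. */
int run_wrapped(int argc, char **argv)
{
    char *args[64] = { (char *)PERL_BIN, (char *)SCRIPT_FIXED };
    char *envp[] = { (char *)"PATH=/usr/bin:/bin", NULL };
    int n = 2;
    for (int i = 1; i < argc && n < 63; i++) args[n++] = argv[i];
    args[n] = NULL;
    execve(PERL_BIN, args, envp);
    return 127;                              /* reached only if execve() failed */
}

int main(int argc, char **argv)
{
    return run_wrapped(argc, argv);
}
```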
