oss-sec mailing list archives
CVE request: X2Go server
From: Chris Reffett <creffett () gentoo org>
Date: Tue, 24 Sep 2013 14:33:08 -0400
Hi all,

I couldn't find a CVE, so I would like to request one for a vulnerability in X2Go Server. The vendor reported an issue where a remote user could execute arbitrary code as the x2go user, apparently by leveraging a setgid executable which did not have a hardcoded path to "libx2go-server-db-sqlite3-wrapper.pl". [1] is the commit fixing the vulnerable code, [2] is the upstream release announcement.

Thanks,
Chris Reffett

[1] http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=42264c88d7885474ebe3763b2991681ddfcfa69a
[2] https://lists.berlios.de/pipermail/x2go-announcement/2013-May/000125.html
Attachment:
signature.asc
Description: OpenPGP digital signature
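As an added illustration of the bug class described in the message above (not X2Go's code and not the upstream fix): a setgid launcher that runs its helper only from a compile-time absolute path, after checking the file's type, owner and permissions. The install path in `WRAPPER_PATH` and the function name `helper_path_is_trusted` are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed install location, for illustration only; the message does not give the real path. */
#define WRAPPER_PATH "/usr/lib/x2go/libx2go-server-db-sqlite3-wrapper.pl"

/* Return 0 only if `path` is absolute, is a regular file (not a symlink),
 * is owned by `owner`, and is not writable by group or others; else -1. */
int helper_path_is_trusted(const char *path, uid_t owner)
{
    struct stat st;

    if (path == NULL || path[0] != '/')
        return -1;                      /* relative paths depend on the caller's cwd */
    if (lstat(path, &st) != 0)          /* lstat: do not follow a symlink */
        return -1;
    if (!S_ISREG(st.st_mode))
        return -1;
    if (st.st_uid != owner)
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;                      /* someone else could replace the contents */
    return 0;
}

int main(int argc, char **argv)
{
    /* Fixed environment: nothing inherited from the invoking user. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

    (void)argc;
    if (helper_path_is_trusted(WRAPPER_PATH, 0) != 0) {
        fprintf(stderr, "refusing to run untrusted helper\n");
        return EXIT_FAILURE;
    }
    argv[0] = (char *)WRAPPER_PATH;
    /* execve, not execvp: no PATH search, no path derived from argv[0]. */
    execve(WRAPPER_PATH, argv, clean_env);
    perror("execve");
    return EXIT_FAILURE;
}
```

The check covers the helper file itself; the directories above it need the same ownership and write restrictions for the fixed path to mean anything.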