Message-ID: <5241DAE4.9010506@gentoo.org>
Date: Tue, 24 Sep 2013 14:33:08 -0400
From: Chris Reffett <creffett@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: X2Go server

Hi all,

I couldn't find a CVE, so I would like to request one for a
vulnerability in X2Go Server. The vendor reported an issue where a
remote user could execute arbitrary code as the x2go user, apparently by
leveraging a setgid executable which did not have a hardcoded path to
"libx2go-server-db-sqlite3-wrapper.pl". [1] is the commit fixing the
vulnerable code, [2] is the upstream release announcement.

Thanks,
Chris Reffett

[1] http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=42264c88d7885474ebe3763b2991681ddfcfa69a
[2] https://lists.berlios.de/pipermail/x2go-announcement/2013-May/000125.html
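
A hardening pattern for the kind of setgid wrapper the message above describes, added here as an example and not taken from the X2Go source or the referenced commit: the helper's location is a compile-time constant and is checked before exec. The directory in `HELPER`, the function names and the ownership policy are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Placeholder directory: the page names only the file, not where it is installed. */
#define HELPER "/usr/lib/EXAMPLE/libx2go-server-db-sqlite3-wrapper.pl"

/* Return 0 only if path is absolute and names a regular file (not a symlink)
 * owned by `owner` that group and others cannot write; otherwise -1. */
int helper_is_trusted(const char *path, uid_t owner)
{
    struct stat st;

    if (path == NULL || path[0] != '/')
        return -1;                  /* relative: resolved against caller's cwd */
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                  /* missing, symlink, directory, device */
    if (st.st_uid != owner)
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;                  /* replaceable by a non-owner */
    return 0;
}

/* Exec the helper from the compile-time path with a fixed environment.
 * argv[0], PATH and the working directory are chosen by the invoking user,
 * so none of them takes part in locating the helper. */
int run_helper(int argc, char *argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    size_t n = argc > 0 ? (size_t)argc : 1;
    char **args = calloc(n + 1, sizeof *args);   /* zeroed, so NULL-terminated */

    if (args == NULL || helper_is_trusted(HELPER, 0) != 0) {
        free(args);
        return -1;
    }
    args[0] = HELPER;
    for (int i = 1; i < argc; i++)
        args[i] = argv[i];          /* pass user arguments through unchanged */
    execve(HELPER, args, clean_env);
    free(args);
    return -1;                      /* only reached if execve failed */
}

int main(int argc, char *argv[])
{
    if (run_helper(argc, argv) != 0)
        fprintf(stderr, "refusing to run helper\n");
    return 1;
}
```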