List: oss-security
Subject: Re: [oss-security] CVE request: X2Go server
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2013-09-25 15:41:49
Message-ID: 5243043D.5000409 () redhat ! com
On 09/24/2013 12:33 PM, Chris Reffett wrote:
> Hi all, I couldn't find a CVE, so I would like to request one for
> a vulnerability in X2Go Server. The vendor reported an issue where
> a remote user could execute arbitrary code as the x2go user,
> apparently by leveraging a setgid executable which did not have a
> hardcoded path to "libx2go-server-db-sqlite3-wrapper.pl". [1] is
> the commit fixing the vulnerable code, [2] is the upstream release
> announcement.
>
> Thanks, Chris Reffett
>
> [1] http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=42264c88d7885474ebe3763b2991681ddfcfa69a
> [2] https://lists.berlios.de/pipermail/x2go-announcement/2013-May/000125.html
>
Please use CVE-2013-4376 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993