Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 17 May 2014 22:09:01 -0400
From: Chris Reffett <>
Subject: CVE request: X2Go Server privilege escalation

I don't see a CVE assigned for the vulnerability announced here:
It appears that this is a privilege escalation through injecting
backticks, but I'm not absolutely sure. It is fixed as of versions in the following commits:;a=commit;h=5a2aa0c36ef7a57d87e3bb6f7c6b2558ed5430f7;a=commit;h=5a2aa0c36ef7a57d87e3bb6f7c6b2558ed5430f7;a=commit;h=8347d3fef0e5cbabe4aa48f503612fa7b9d078f8;a=commit;h=bf44925ecccda436caa1cfc34f89eced9c1bd104

Could a CVE be assigned?

Chris Reffett

Download attachment "signature.asc" of type "application/pgp-signature" (1032 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ