Date: Tue, 24 Sep 2013 14:33:08 -0400
From: Chris Reffett <creffett@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: X2Go server

Hi all,

I couldn't find a CVE, so I would like to request one for a vulnerability in X2Go Server. The vendor reported an issue where a remote user could execute arbitrary code as the x2go user, apparently by leveraging a setgid executable which did not have a hardcoded path to "libx2go-server-db-sqlite3-wrapper.pl". [1] is the commit fixing the vulnerable code, [2] is the upstream release announcement.

Thanks,
Chris Reffett

[1] http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=42264c88d7885474ebe3763b2991681ddfcfa69a
[2] https://lists.berlios.de/pipermail/x2go-announcement/2013-May/000125.html
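
One way to write a setgid launcher so that the helper it runs cannot be substituted, given as an added example that is not part of the original message and not X2Go's code. It relates to the hardcoded-path fix mentioned above; `HELPER_PATH` is a placeholder for the real install location and `helper_path_is_trusted` is a hypothetical name.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Placeholder (assumption): the real install path is fixed at build time. */
#ifndef HELPER_PATH
#define HELPER_PATH "/PLACEHOLDER/libdir/libx2go-server-db-sqlite3-wrapper.pl"
#endif

/* Return 1 only if the helper is named by an absolute path without ".."
 * and the file is a root-owned regular file that neither group nor others
 * can write. Takes the stat result so the policy can be tested in isolation. */
int helper_path_is_trusted(const char *path, const struct stat *st)
{
    if (path == NULL || st == NULL || path[0] != '/')
        return 0;                 /* relative paths resolve against the caller's cwd */
    if (strstr(path, "/..") != NULL)
        return 0;                 /* conservative: no parent-directory hops */
    if (!S_ISREG(st->st_mode))
        return 0;                 /* symlinks, directories, devices */
    if (st->st_uid != 0)
        return 0;                 /* an unprivileged owner could rewrite the helper */
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

int main(int argc, char **argv)
{
    struct stat st;
    /* Fixed environment: nothing from the caller (PATH, PERL5LIB, ...) is inherited. */
    char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

    if (argc < 1)                 /* empty argv: argv[0] is the NULL terminator */
        return 1;
    /* lstat, not stat: a symlink placed at HELPER_PATH fails the S_ISREG check. */
    if (lstat(HELPER_PATH, &st) != 0 || !helper_path_is_trusted(HELPER_PATH, &st)) {
        fprintf(stderr, "refusing to run untrusted helper: %s\n", HELPER_PATH);
        return 1;
    }
    argv[0] = (char *)HELPER_PATH;
    /* Full path passed to execve: no PATH search, no lookup relative to argv[0]. */
    execve(HELPER_PATH, argv, clean_env);
    perror("execve");
    return 1;
}
```

The ownership and mode check only covers the file itself; every directory on the way to `HELPER_PATH` must also be writable by root alone.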