Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Sep 2013 14:33:08 -0400
From: Chris Reffett <>
Subject: CVE request: X2Go server

Hi all,
I couldn't find a CVE, so I would like to request one for a
vulnerability in X2Go Server. The vendor reported an issue where a
remote user could execute arbitrary code as the x2go user, apparently by
leveraging a setgid executable which did not have a hardcoded path to
"". [1] is the commit fixing the
vulnerable code, [2] is the upstream release announcement.

Chris Reffett


Download attachment "signature.asc" of type "application/pgp-signature" (394 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.