Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 17 May 2014 22:09:01 -0400
From: Chris Reffett <>
Subject: CVE request: X2Go Server privilege escalation

I don't see a CVE assigned for the vulnerability announced here:
It appears that this is a privilege escalation through injecting
backticks, but I'm not absolutely sure. It is fixed as of versions in the following commits:;a=commit;h=5a2aa0c36ef7a57d87e3bb6f7c6b2558ed5430f7;a=commit;h=5a2aa0c36ef7a57d87e3bb6f7c6b2558ed5430f7;a=commit;h=8347d3fef0e5cbabe4aa48f503612fa7b9d078f8;a=commit;h=bf44925ecccda436caa1cfc34f89eced9c1bd104

Could a CVE be assigned?

Chris Reffett

Download attachment "signature.asc" of type "application/pgp-signature" (1032 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.