SECURITY - X.org security alert in conjunction with the NX Node maintenance release
2008-02-11
by: Silvia Regis
|
ROME, Italy, February 11th, 2008 - Vulnerabilities have been identified
in X.org server code. These vulnerabilities are caused by lack of
proper input validation on user controlled data in various parts of the
software and may lead to crashes of the NX session or, in the case of a
session shared with other users, allow the execution of arbitrary
machine code as the user running the session. Four of the
vulnerabilities affect NX Node 3.1.0-5, namely:
XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427].
TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428].
EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429].
MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]
More information can be found here:
http://www.net-security.org/advisory.php?id=8478
Although
in NX these exploitations cannot lead to privilege escalation or affect
the whole system, we strongly advise all users to upgrade their NX
Node packages to the latest version.
http://www.nomachine.com/news-read.php?idnews=229
The NoMachine Security Team
[SEC]
|
|
 |
|
