NoMachine NX - Documents: News

	Home > Documents > Security

Security

SECURITY - X.org security alert along with the NX Node maintenance release 2008-06-25 by: Silvia Regis
ROME, Italy, June 25, 2008 - Some vulnerabilities have been found in the X.org server-side code. These vulnerabilities are caused by improper validation of client-provided data which may cause data corruption: CVE-2008-2360 - RENDER Extension heap buffer overflow CVE-2008-2361 - RENDER Extension crash CVE-2008-2362 - RENDER Extension memory corruption CVE-2008-1379 - MIT-SHM arbitrary memory read CVE-2008-1377 - RECORD and Security extensions memory corruption The complete X.Org security advisory can be found here: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Although in NX these vulnerabilities cannot lead to privilege escalation since the X11 agent never runs as root, we strongly advise all users to upgrade their NX Node packages to the latest version. http://www.nomachine.com/news-read.php?idnews=240 The NoMachine Security Team [SEC]

	Technology Brief


		Data encryption and security NX security is guaranteed at every layer involved in the communication process. NX uses SSH public-key encryption and 128 bit volatile random cookie generation.


		Multimedia support NX transparently tunnels Linux multimedia channels. Not only does NX play KDE and Gnome system sounds, but you can listen to MP3s played on the server and local workstation simultaneously.


		Unified support for all major remote desktop protocols Thanks to its outstanding compression performances, NX is able to deliver X, RDP and RFB remote sessions using the same client. This is achieved by translating "foreign" protocols into X-Window, the native protocol of NX.

Home |

News | About Us | Partners | Contact Us
Products | Download | Support | Documents | Customers
Copyright 2002-2010, Medialogic - VAT 05773981005