NoMachine NX - Documents: News

	Home > Documents > Security

Security

NX Server nxconfigure.sh Command Injection 2011-08-05 by: Silvia Regis
Rome, Italy, August 5, 2011 - A bug has been found in the nxconfigure.sh script, the SUIDed script used by NX Server Manager to handle the server configuration. This script could be executed by any user from the command line to execute arbitray commands on the system. A workaround has been provided in the Trouble Report we have opened as severity "Critical": http://www.nomachine.com/tr/view.php?id=TR08I02575 Due to the possible command injection vulnerability arising from this problem, it is strongly advised to upgrade the NX Server and NX Node installations to the following versions: NX Node 3.5.0-4 and NX Server 3.5.0-5. The NoMachine Security Team [SEC]

	Technology Brief


		Data encryption and security NX security is guaranteed at every layer involved in the communication process. NX uses SSH public-key encryption and 128 bit volatile random cookie generation.


		Multimedia support NX transparently tunnels Linux multimedia channels. Not only does NX play KDE and Gnome system sounds, but you can listen to MP3s played on the server and local workstation simultaneously.


		Unified support for all major remote desktop protocols Thanks to its outstanding compression performances, NX is able to deliver X, RDP and RFB remote sessions using the same client. This is achieved by translating "foreign" protocols into X-Window, the native protocol of NX.

Home | News | About Us | Partners | Contact Us
Products | Download | Support | Documents | Customers

Copyright 2002-2013, NoMachine S.à r.l - VAT LU25935711