NoMachine Support

Your questions answered

Knowledge Base

Searching in: Software Updates
Filter the search results
Released on:
Searching in: Software Updates
ID: SU08O00184
Released on:  2017-08-11
Last update: 2017-09-05
NoMachine privileges escalation vulnerability (version 4)

Luxembourg, August 11th, 2017

NoMachine makes available updated packages to prevent a vulnerability in one of the server utilities which could be exploited by authenticated users to gain access to all local files on Linux and Mac OS X hosts. Furthermore, security fixes for recent flaws discovered in Apache and which affect users of Cloud Server are also included:

CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167

CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169

CVE-2017-7679 httpd: mod_mime buffer overread
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679

We strongly recommend all users upgrade their server installations to this release, 4.6.26. Although Enterprise Client is not impacted by these vulnerabilities, we advise users to also update their client installations.

Users of version 5 should consult the advisory here: https://www.nomachine.com/SU08O00185

 

Supported Platforms

Windows 32-bit/64-bit XP/Vista/7/8/8.1/10

Mac OS X Intel 64-bit 10.5/10.6/10.7/10.8/10.9/10.10/10.11/10.12

Linux 32-bit and 64-bit

Red Hat Enterprise 4/5/6/7
SLED 10.x/11.x
SLES 10/11/12
openSUSE 10.x/11.x/12.x/13.x/42.x
Mandriva 2009/2010/2011
Fedora 10/11/12/13/14/15/16/17/18/19/20/21/22/23/24/25
Debian GNU Linux 4.0/5.0/6.0/7.0/8.0
Ubuntu 8.04/8.10/9.04/9.10/10.4/10.10/11.04/11.10/12.04/12.10/13.04/13.10/14.04/14.10/15.04/15.10/16.04/16.10

 

Important: Due to the changes introduced by Apple which has dropped support for 10.5 and 10.6 in recent compilers, NoMachine will discontinue support for those OS X versions in a future release. It will still be possible to request packages specifically built for 10.5 and 10.6 under the provisions of a support contract.

 

Download NoMachine Packages

You can download the latest packages suitable for your Operating System from the NoMachine Web site at the following URL:

https://www.nomachine.com/download

Customers with valid subscriptions should log in to their customer area and download the "Update version".


Automatic updates

The automatic check for updates is scheduled to check our repositories every two days.

To update any of the NoMachine servers immediately:

- Run the NoMachine GUI from your Programs Menu.

- Click on 'Settings', then on the 'Server preferences' and finally on 'Updates'.

- Then click on the 'Check now' button.

To update the NoMachine Enterprise Client immediately:

- Click on 'Settings' and 'Updates'.

- Then click on the 'Check now' button.

More information about the check for automatic updates is available here:

https://www.nomachine.com/AR05M00847


Manual package update

Please follow the instructions to update your installation manually:

On Windows:

- Download and save the EXE file.
- Double click on the NoMachine executable file.
- As for the installation, the Setup Wizard will take you through all steps necessary for updating NoMachine.

On Mac OS X:

- Download and save the DMG file.
- Double-click on the Disk Image to open it and double-click on the NoMachine program icon.
- As for the installation, the Installer will take you through through all steps necessary for updating NoMachine.

On Linux:

You can use the graphical package manager provided by your Linux distribution or update NoMachine by command line by following instructions below.
If you don't have the sudo utility installed, log on as superuser ("root") and run the commands without sudo.

RPM

- Download and save the RPM file.
- Update your NoMachine installation by running:

# rpm -Uvh <pkgName>_<pkgVersion>_<arch>.rpm

DEB

- Download and save the DEB file.
- Update your NoMachine installation by running:

$ sudo dpkg -i <pkgName>_<pkgVersion>_<arch>.deb

TAR.GZ

- Download and save the TAR.GZ file.
- Update your NoMachine installation by running:

$ cd /usr
$ sudo tar xvzf <pkgName>_<pkgVersion>_<arch>.tar.gz
$ sudo /usr/NX/nxserver --update

If you are installing Enterprise Client or Node run respectively:

$ sudo /usr/NX/nxclient --update
$ sudo /usr/NX/nxnode --update

 

Documents

Installation and configuration guides for the NoMachine products are available at:

https://www.nomachine.com/documents

 

The NoMachine Security Team