NoMachine Support

Your questions answered

Knowledge Base

Searching in: Trouble Reports
Filter the search results
Last update:
Affects:
Product:
Status:
Searching in: Trouble Reports
ID: TR08I02575
Added on: 2011-08-05
Last update: 2011-08-05
Solved in version: nxuexec-3.5.0-2, nxserver-3.5.0-5
Platform: All Platforms
Product: NX Server
Severity: Critical
Status: Closed
The nxconfigure.sh script can allow the execution of arbitrary commands on the system
The nxconfigure.sh script, a SUIDed script used by NX Server Manager to update the server configuration, could be executed by any user to execute arbitrary commands on the system.

A possible workaround, until the new node and server packages fixing this issue are available, is to remove the nxconfigure.sh script and replace it with a fake file:

# rm /usr/NX/scripts/restricted/nxconfigure.sh
# touch /usr/NX/scripts/restricted/nxconfigure.sh

Please note that by applying this workaround, you will be no longer able to configure the server via NX Server Manager interface until you upgrade your NX server installation to the new package.