NX Node Scripts Command Injection |
|
| Added on: 2011-10-19 | By: Silvia Regis |
|
Rome, Italy, October 19, 2011 - A problem has been discovered with NX running in an environment where /bin/sh is the bash shell. In this context, the NX suid wrapper program could be used by a system user to run arbitrary commands. We have opened the following Trouble Report as severity Critical: http://www.nomachine.com/tr/view.php?id=TR10I02625 Due to the possible command injection vulnerability arising from this problem, it is strongly advised to upgrade the NX Server and NX Node installations to the following versions: NX Node 3.5.0-7 and NX Server 3.5.0-9. The NoMachine Security Team |
|