NX Server Free Edition, NX Node: Privilege escalation — GLSA 201201-07

An unspecified vulnerability in NX Server Free Edition and NX Node could allow local attackers to gain root privileges.

Affected Packages

net-misc/nxserver-freeedition on all architectures
Affected versions < 3.5.0.5
Unaffected versions >= 3.5.0.5
net-misc/nxnode on all architectures
Affected versions < 3.5.0.4
Unaffected versions >= 3.5.0.4

Background

NX Server Free Edition is a remote display technology by No Machine. NX Node provides the shared components for NX Server.

Description

NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability.

Impact

A local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All NX Server Free Edition users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=net-misc/nxserver-freeedition-3.5.0.5"
 

All NX Node users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.5.0.4"
 

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 23, 2011. It is likely that your system is already no longer affected by this issue.

References

Release Date
January 23, 2012

Latest Revision
January 23, 2012: 1

Severity
high

Exploitable
local

Bugzilla entries