An unspecified vulnerability in NX Server Free Edition and NX Node could allow local attackers to gain root privileges.
|Package||net-misc/nxserver-freeedition on all architectures|
|Affected versions||< 18.104.22.168|
|Unaffected versions||>= 22.214.171.124|
|Package||net-misc/nxnode on all architectures|
|Affected versions||< 126.96.36.199|
|Unaffected versions||>= 188.8.131.52|
NX Server Free Edition is a remote display technology by No Machine. NX Node provides the shared components for NX Server.
NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability.
A local attacker could gain escalated privileges.
There is no known workaround at this time.
All NX Server Free Edition users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/nxserver-freeedition-184.108.40.206"
All NX Node users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/nxnode-220.127.116.11"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 23, 2011. It is likely that your system is already no longer affected by this issue.
January 23, 2012
January 23, 2012: 1