Gentoo Foundation: GLSA-201201-07
Jan 23, 2012 - 12:00 a.m.

NX Server Free Edition, NX Node: Privilege escalation

security.gentoo.org

CVSS2: 7.2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0
Percentile: 5.1%

Background

NX Server Free Edition is a remote display technology by NoMachine. NX Node provides the shared components for NX Server.

Description

NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability.

Impact

A local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All NX Server Free Edition users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/nxserver-freeedition-3.5.0.5"

All NX Node users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.5.0.4"

NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since August 23, 2011. It is likely that your system is already no longer affected by this issue.

OS      Version  Architecture  Package                        Version    Filename
Gentoo  any      all           net-misc/nxserver-freeedition  < 3.5.0.5  UNKNOWN
Gentoo  any      all           net-misc/nxnode                < 3.5.0.4  UNKNOWN
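
A post-upgrade check for the two packages above, as an added example that is not part of the GLSA or of Portage. The function names are hypothetical; it assumes purely numeric dotted versions and reads installed versions from the Portage package database under /var/db/pkg.

```shell
# Added example, not part of the GLSA. Fixed versions come from its Resolution section.
FIXED_NXSERVER="3.5.0.5"
FIXED_NXNODE="3.5.0.4"

# version_ge A B: succeed if dotted numeric version A >= B; a -rN revision is ignored.
version_ge() {
    a=${1%%-r[0-9]*}; b=${2%%-r[0-9]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Compare numerically so that 3.5.0.10 ranks above 3.5.0.5.
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# glsa_status PACKAGE VERSION: 0 = fixed, 1 = affected, 2 = package not in this GLSA.
glsa_status() {
    case $1 in
        net-misc/nxserver-freeedition) fixed=$FIXED_NXSERVER ;;
        net-misc/nxnode)               fixed=$FIXED_NXNODE ;;
        *) echo "$1: not covered by GLSA-201201-07"; return 2 ;;
    esac
    if version_ge "$2" "$fixed"; then echo "$1-$2: fixed (>= $fixed)"; return 0; fi
    echo "$1-$2: AFFECTED (< $fixed), upgrade required"; return 1
}

# installed_versions PACKAGE [PKGDB]: list installed versions (default db /var/db/pkg).
installed_versions() {
    db=${2:-/var/db/pkg}; name=${1##*/}
    for d in "$db/$1"-[0-9]*; do
        if [ -d "$d" ]; then echo "${d##*/$name-}"; fi
    done
}

# glsa_check [PKGDB]: check both packages; non-zero if any installed copy is affected.
glsa_check() {
    rc=0
    for pkg in net-misc/nxserver-freeedition net-misc/nxnode; do
        for v in $(installed_versions "$pkg" "$1"); do
            glsa_status "$pkg" "$v" || rc=1
        done
    done
    return $rc
}

glsa_check "$@"
```

The script prints nothing and exits 0 when neither package is installed; a non-zero exit status means at least one installed copy is older than the fixed version.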
