Lucene search

Gentoo FoundationMGASA-2014-0111

HistoryMar 02, 2014 - 2:55 a.m.

Updated x2goserver package fixes security vulnerability

2014-03-0202:55:00

Gentoo Foundation

advisories.mageia.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.054 Low

EPSS

Percentile

93.1%

JSON

A vulnerability in x2goserver before 4.0.0.2 in the setgid wrapper x2gosqlitewrapper.c, which does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. A remote attacker may be able to execute arbitrary code with the privileges of the user running the server process (CVE-2013-4376). A vulnerability in x2goserver before 4.0.0.8 in x2gocleansessions has also been fixed.

OSVersionArchitecturePackageVersionFilename
Mageia3noarchx2goserver< 4.0.1.13-1x2goserver-4.0.1.13-1.mga3

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	x2goserver	< 4.0.1.13-1	x2goserver-4.0.1.13-1.mga3

References

www.gentoo.org/security/en/glsa/glsa-201310-19.xml

bugs.mageia.org/show_bug.cgi?id=11557

lists.berlios.de/pipermail/x2go-announcement/2013-May/000125.html

lists.fedoraproject.org/pipermail/package-announce/2014-January/126414.html

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.054 Low

EPSS

Percentile

93.1%

JSON

Related for MGASA-2014-0111