FreeNX Local X Server Authentication Bypass Vulnerability
BID:12663
Info
FreeNX Local X Server Authentication Bypass Vulnerability
| Bugtraq ID: | 12663 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 25 2005 12:00AM |
| Updated: | Feb 25 2005 12:00AM |
| Credit: | This issue was announced by SuSE. It is not known who originally discovered this issue. |
| Vulnerable: |
FreeNX FreeNX 0.2.7 FreeNX FreeNX 0.2.6 FreeNX FreeNX 0.2.5 FreeNX FreeNX 0.2.4 FreeNX FreeNX 0.2 -3 FreeNX FreeNX 0.2 -2 FreeNX FreeNX 0.2 -1 FreeNX FreeNX 0.2 -0 |
| Not Vulnerable: |
NoMachine NX Server 1.4 NoMachine NX Server 1.3.2 NoMachine NX Server 1.3.1 NoMachine NX Server 1.3 FreeNX FreeNX 0.2.8 |
Discussion
FreeNX Local X Server Authentication Bypass Vulnerability
FreeNX is prone to a vulnerability that may local users to bypass X server authentication. The vulnerability presents itself when the XAUTHORITY environment variable is not set.
This issue has been reported to affect FreeNX Server, NoMachine NX Server is not reported to be affected by this issue.
FreeNX is prone to a vulnerability that may local users to bypass X server authentication. The vulnerability presents itself when the XAUTHORITY environment variable is not set.
This issue has been reported to affect FreeNX Server, NoMachine NX Server is not reported to be affected by this issue.
Exploit / POC
FreeNX Local X Server Authentication Bypass Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
FreeNX Local X Server Authentication Bypass Vulnerability
Solution:
SuSE has released Security Summary Report SUSE-SR:2005:006 to address this and other issues. Please see the referenced advisory for details on obtaining and applying fixes.
This issue has been addressed in FreeNX 0.2.8.
FreeNX FreeNX 0.2 -2
FreeNX FreeNX 0.2 -0
FreeNX FreeNX 0.2 -3
FreeNX FreeNX 0.2 -1
FreeNX FreeNX 0.2.4
FreeNX FreeNX 0.2.5
FreeNX FreeNX 0.2.6
FreeNX FreeNX 0.2.7
Solution:
SuSE has released Security Summary Report SUSE-SR:2005:006 to address this and other issues. Please see the referenced advisory for details on obtaining and applying fixes.
This issue has been addressed in FreeNX 0.2.8.
FreeNX FreeNX 0.2 -2
-
FreeNX freenx-0.2.8.tar.gz
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.8.tar.gz
FreeNX FreeNX 0.2 -0
-
FreeNX freenx-0.2.8.tar.gz
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.8.tar.gz
FreeNX FreeNX 0.2 -3
-
FreeNX freenx-0.2.8.tar.gz
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.8.tar.gz
FreeNX FreeNX 0.2 -1
-
FreeNX freenx-0.2.8.tar.gz
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.8.tar.gz
FreeNX FreeNX 0.2.4
-
FreeNX freenx-0.2.8.tar.gz
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.8.tar.gz -
SuSE FreeNX-0.2.8-3.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/FreeNX-0.2.8-3.1. i586.rpm -
SuSE FreeNX-0.2.8-3.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/FreeNX-0.2.8- 3.1.x86_64.rpm
FreeNX FreeNX 0.2.5
-
FreeNX freenx-0.2.8.tar.gz
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.8.tar.gz
FreeNX FreeNX 0.2.6
-
FreeNX freenx-0.2.8.tar.gz
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.8.tar.gz
FreeNX FreeNX 0.2.7
-
FreeNX freenx-0.2.8.tar.gz
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.8.tar.gz