x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| X2go_server | X2go | * | 4.0.0.7 (including) |
| X2go_server | X2go | 4.0.0.0 (including) | 4.0.0.0 (including) |
| X2go_server | X2go | 4.0.0.1 (including) | 4.0.0.1 (including) |
| X2go_server | X2go | 4.0.0.2 (including) | 4.0.0.2 (including) |
| X2go_server | X2go | 4.0.0.3 (including) | 4.0.0.3 (including) |
| X2go_server | X2go | 4.0.0.4 (including) | 4.0.0.4 (including) |
| X2go_server | X2go | 4.0.0.6 (including) | 4.0.0.6 (including) |
| X2go_server | X2go | 4.0.1.0 (including) | 4.0.1.0 (including) |
| X2go_server | X2go | 4.0.1.1 (including) | 4.0.1.1 (including) |
| X2go_server | X2go | 4.0.1.2 (including) | 4.0.1.2 (including) |
| X2go_server | X2go | 4.0.1.3 (including) | 4.0.1.3 (including) |
| X2go_server | X2go | 4.0.1.4 (including) | 4.0.1.4 (including) |
| X2go_server | X2go | 4.0.1.5 (including) | 4.0.1.5 (including) |
| X2go_server | X2go | 4.0.1.6 (including) | 4.0.1.6 (including) |
| X2go_server | X2go | 4.0.1.7 (including) | 4.0.1.7 (including) |
| X2go_server | X2go | 4.0.1.8 (including) | 4.0.1.8 (including) |
| X2go_server | X2go | 4.0.1.9 (including) | 4.0.1.9 (including) |
References
- http://permalink.gmane.org/gmane.linux.terminal-server.x2go.announce/83
- http://security.gentoo.org/glsa/glsa-201405-26.xml
- http://www.openwall.com/lists/oss-security/2014/05/18/1
- http://www.openwall.com/lists/oss-security/2014/05/19/4
- http://www.securityfocus.com/bid/65001
- http://permalink.gmane.org/gmane.linux.terminal-server.x2go.announce/83
- http://security.gentoo.org/glsa/glsa-201405-26.xml
- http://www.openwall.com/lists/oss-security/2014/05/18/1
- http://www.openwall.com/lists/oss-security/2014/05/19/4
- http://www.securityfocus.com/bid/65001