NX Server Free Edition, NX Node: Privilege escalation

NX Server Free Edition, NX Node: Privilege escalation An unspecified vulnerability in NX Server Free Edition and NX Node could allow local attackers to gain root privileges. NX Server NX Node January 23, 2012 January 23, 2012: 1 378345 local 3.5.0.5 3.5.0.5 3.5.0.4 3.5.0.4

NX Server Free Edition is a remote display technology by No Machine. NX Node provides the shared components for NX Server.

NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability.

A local attacker could gain escalated privileges.

There is no known workaround at this time.

All NX Server Free Edition users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=net-misc/nxserver-freeedition-3.5.0.5"

All NX Node users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.5.0.4"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 23, 2011. It is likely that your system is already no longer affected by this issue.

CVE-2011-3977 underling ackle