GLSA-201310-19 : X2Go Server: Arbitrary code execution
High Nessus Plugin ID 70675
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201310-19 (X2Go Server: Arbitrary code execution).
The setgid wrapper x2gosqlitewrapper.c does not hardcode the internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path.
A remote attacker may be able to execute arbitrary code with the privileges of the user running the server process.
There is no known workaround at this time.
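The bug class described above, as an added illustration that is not X2Go's code: a privileged wrapper that derives its helper path from caller-influenced input, next to one that uses a compile-time constant and checks the file before executing it. The advisory does not say how the path could be changed; deriving it from argv[0], the directory /usr/lib/x2go, the root-ownership policy and all function names are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical install location, fixed at build time. */
#define HELPER_PATH "/usr/lib/x2go/x2gosqlitewrapper.pl"

/* Weak pattern (assumed for illustration): the helper path is built from
 * argv[0], which the invoking user chooses. Returns 0 on success. */
int helper_from_argv0(const char *argv0, char *out, size_t outlen)
{
    char copy[PATH_MAX];
    if (strlen(argv0) >= sizeof copy) return -1;
    strcpy(copy, argv0);              /* dirname() may modify its argument */
    int n = snprintf(out, outlen, "%s/x2gosqlitewrapper.pl", dirname(copy));
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hardened pattern: constant path; caller input is ignored entirely. */
const char *helper_hardcoded(const char *argv0)
{
    (void)argv0;
    return HELPER_PATH;
}

/* Defence in depth before exec: the helper must be a regular file owned by
 * root and not writable by group or others. Returns 1 if acceptable. */
int helper_is_trusted(const struct stat *st)
{
    return S_ISREG(st->st_mode) && st->st_uid == 0 &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(int argc, char **argv)
{
    char derived[PATH_MAX];
    struct stat st;
    (void)argc;
    if (helper_from_argv0(argv[0], derived, sizeof derived) == 0)
        printf("argv[0]-derived: %s\n", derived);
    printf("hardcoded:       %s\n", helper_hardcoded(argv[0]));
    if (lstat(HELPER_PATH, &st) == 0)  /* lstat: do not follow a symlink */
        printf("trusted: %d\n", helper_is_trusted(&st));
    return 0;
}
```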
Solution
All X2Go Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/x2goserver-22.214.171.124'