[gentoo-announce] [ GLSA 200710-09 ] NX 2.1: User-assisted execution of arbitrary code - gentoo-announce

From:	Pierre-Yves Rofes <py@g.o>
To:	gentoo-announce@l.g.o
Cc:	full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200710-09 ] NX 2.1: User-assisted execution of arbitrary code
Date:	Tue, 09 Oct 2007 22:50:48
Message-Id:	`470BFFF2.1010600@gentoo.org`

1

-----BEGIN PGP SIGNED MESSAGE-----

2

Hash: SHA1

3

4

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

5

Gentoo Linux Security Advisory                           GLSA 200710-09

6

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

7

                                            http://security.gentoo.org/

8

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

9

10

  Severity: Normal

11

     Title: NX 2.1: User-assisted execution of arbitrary code

12

      Date: October 09, 2007

13

      Bugs: #192712

14

        ID: 200710-09

15

16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

17

18

Synopsis

19

========

20

21

NX in the 2.1 series uses XFree86 4.3 code which is prone to an integer

22

overflow vulnerability.

23

24

Background

25

==========

26

27

NoMachine's NX establishes remote connections to X11 desktops over

28

small bandwidth links. NX and NX Node are the compression core

29

libraries, whereas NX is used by FreeNX and NX Node by the binary-only

30

NX servers.

31

32

Affected packages

33

=================

34

35

    -------------------------------------------------------------------

36

     Package          /  Vulnerable  /                      Unaffected

37

    -------------------------------------------------------------------

38

  1  net-misc/nx           < 3.0.0                            >= 3.0.0

39

  2  net-misc/nxnode     < 3.0.0-r3                        >= 3.0.0-r3

40

    -------------------------------------------------------------------

41

     2 affected packages on all of their supported architectures.

42

    -------------------------------------------------------------------

43

44

Description

45

===========

46

47

Chris Evans reported an integer overflow within the FreeType PCF font

48

file parser (CVE-2006-1861). NX and NX Node are vulnerable to this due

49

to shipping XFree86 4.3.0, which includes the vulnerable FreeType code.

50

51

Impact

52

======

53

54

A remote attacker could exploit these integer overflows by enticing a

55

user to load a specially crafted PCF font file which might lead to the

56

execution of arbitrary code with the privileges of the user on the

57

machine running the NX server.

58

59

Workaround

60

==========

61

62

There is no known workaround at this time.

63

64

Resolution

65

==========

66

67

All NX users should upgrade to the latest version:

68

69

    # emerge --sync

70

    # emerge --ask --oneshot --verbose ">=net-misc/nx-3.0.0"

71

72

All NX Node users should upgrade to the latest version:

73

74

    # emerge --sync

75

    # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.0.0-r3"

76

77

References

78

==========

79

80

  [ 1 ] CVE-2006-1861

81

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861

82

  [ 2 ] GLSA 200607-02

83

        http://www.gentoo.org/security/en/glsa/glsa-200607-02.xml

84

85

Availability

86

============

87

88

This GLSA and any updates to it are available for viewing at

89

the Gentoo Security Website:

90

91

  http://security.gentoo.org/glsa/glsa-200710-09.xml

92

93

Concerns?

94

=========

95

96

Security is a primary focus of Gentoo Linux and ensuring the

97

confidentiality and security of our users machines is of utmost

98

importance to us. Any security concerns should be addressed to

99

security@g.o or alternatively, you may file a bug at

100

http://bugs.gentoo.org.

101

102

License

103

=======

104

105

Copyright 2007 Gentoo Foundation, Inc; referenced text

106

belongs to its owner(s).

107

108

The contents of this document are licensed under the

109

Creative Commons - Attribution / Share Alike license.

110

111

http://creativecommons.org/licenses/by-sa/2.5

112

-----BEGIN PGP SIGNATURE-----

113

Version: GnuPG v1.4.7 (GNU/Linux)

114

Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

115

116

iD8DBQFHC//yuhJ+ozIKI5gRAsBMAJ0TAVDKI5lx90rvQD+UrO9B+lOS6gCeNOVg

117

DaVvikNyWdu++8QxL3WLnzs=

118

=nHMo

119

-----END PGP SIGNATURE-----

120

--

121

gentoo-announce@g.o mailing list

1	-----BEGIN PGP SIGNED MESSAGE-----
2	Hash: SHA1
3
4	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
5	Gentoo Linux Security Advisory GLSA 200710-09
6	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7	http://security.gentoo.org/
8	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9
10	Severity: Normal
11	Title: NX 2.1: User-assisted execution of arbitrary code
12	Date: October 09, 2007
13	Bugs: #192712
14	ID: 200710-09
15
16	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
17
18	Synopsis
19	========
20
21	NX in the 2.1 series uses XFree86 4.3 code which is prone to an integer
22	overflow vulnerability.
23
24	Background
25	==========
26
27	NoMachine's NX establishes remote connections to X11 desktops over
28	small bandwidth links. NX and NX Node are the compression core
29	libraries, whereas NX is used by FreeNX and NX Node by the binary-only
30	NX servers.
31
32	Affected packages
33	=================
34
35	-------------------------------------------------------------------
36	Package / Vulnerable / Unaffected
37	-------------------------------------------------------------------
38	1 net-misc/nx < 3.0.0 >= 3.0.0
39	2 net-misc/nxnode < 3.0.0-r3 >= 3.0.0-r3
40	-------------------------------------------------------------------
41	2 affected packages on all of their supported architectures.
42	-------------------------------------------------------------------
43
44	Description
45	===========
46
47	Chris Evans reported an integer overflow within the FreeType PCF font
48	file parser (CVE-2006-1861). NX and NX Node are vulnerable to this due
49	to shipping XFree86 4.3.0, which includes the vulnerable FreeType code.
50
51	Impact
52	======
53
54	A remote attacker could exploit these integer overflows by enticing a
55	user to load a specially crafted PCF font file which might lead to the
56	execution of arbitrary code with the privileges of the user on the
57	machine running the NX server.
58
59	Workaround
60	==========
61
62	There is no known workaround at this time.
63
64	Resolution
65	==========
66
67	All NX users should upgrade to the latest version:
68
69	# emerge --sync
70	# emerge --ask --oneshot --verbose ">=net-misc/nx-3.0.0"
71
72	All NX Node users should upgrade to the latest version:
73
74	# emerge --sync
75	# emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.0.0-r3"
76
77	References
78	==========
79
80	[ 1 ] CVE-2006-1861
81	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
82	[ 2 ] GLSA 200607-02
83	http://www.gentoo.org/security/en/glsa/glsa-200607-02.xml
84
85	Availability
86	============
87
88	This GLSA and any updates to it are available for viewing at
89	the Gentoo Security Website:
90
91	http://security.gentoo.org/glsa/glsa-200710-09.xml
92
93	Concerns?
94	=========
95
96	Security is a primary focus of Gentoo Linux and ensuring the
97	confidentiality and security of our users machines is of utmost
98	importance to us. Any security concerns should be addressed to
99	security@g.o or alternatively, you may file a bug at
100	http://bugs.gentoo.org.
101
102	License
103	=======
104
105	Copyright 2007 Gentoo Foundation, Inc; referenced text
106	belongs to its owner(s).
107
108	The contents of this document are licensed under the
109	Creative Commons - Attribution / Share Alike license.
110
111	http://creativecommons.org/licenses/by-sa/2.5
112	-----BEGIN PGP SIGNATURE-----
113	Version: GnuPG v1.4.7 (GNU/Linux)
114	Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
115
116	iD8DBQFHC//yuhJ+ozIKI5gRAsBMAJ0TAVDKI5lx90rvQD+UrO9B+lOS6gCeNOVg
117	DaVvikNyWdu++8QxL3WLnzs=
118	=nHMo
119	-----END PGP SIGNATURE-----
120	--
121	gentoo-announce@g.o mailing list

Gentoo Archives: gentoo-announce