Vulnerable SUID script in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts)
21 September 2011
NGS Secure has discovered a High risk vulnerability in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts).
Impact: Arbitrary files can be read with root privileges
The fix was rated critical by the vendor, and the short-term patch was to remove the offending script.
Reference: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_bugfree.html
Product: BugFree
Vendor: www.bugfree.org.cn ( http://www.bugfree.org.cn/ )
Vulnerable Version: 2.1.3 and probably prior
Tested Version: 2.1.3
Vendor Notification: 21 September 2011
Vulnerability Type: XSS (Cross Site Scripting)
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
URL http://itrc.hp.com
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 21 September 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Reference: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_pretty_link_wordpress_plugin.html
Product: Pretty Link WordPress Plugin
Vendor: Caseproof ( http://blairwilliams.com/ )
Vulnerable Version: 1.4.56 and probably prior
Tested Version: 1.4.56
Vendor Notification: 21 September 2011
Vulnerability Type: XSS (Cross Site Scripting)
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
http://h18013.www1.hp.com/products/servers/management/agents/index.html
HISTORY
Version:0 (rev.0) - 01 August 2005 Initial release
Version:1 (rev.1) - 09 August 2005 Update Affected Versions
Version:2 (rev.2) - 21 September 2005 Resolution for second XSS available
Version:3 (rev.3) - 26 April 2007 Reformatted
Version:4 (rev.4) - 30 August 2010 New URL for updates, added CVSS scores
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
========
Discovered: 28 August 2011
Released: 28 August 2011
Approved: 28 August 2011
Reported: 5 September 2011
Fixed: 21 September 2011
Published: 5 January 2012
===========
Description
===========
Research@NGSSecure <research@ngssecure.com> wrote:
> Vulnerable SUID script in (nomachine) NX Server for Linux 3.5.0-4
> (Advanced and Enterprise across redhat and debian hosts)
>
> 21 September 2011
>
> NGS Secure has discovered a High risk vulnerability in (nomachine) NX
> Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian
> hosts).
>
On Friday 21 September 2007 15:30:31 3APA3A wrote:
> Dear Kees Cook,
>
> CVE-2007-4033 is "Buffer overflow in php_gd2.dll in the gd (PHP_GD2)
> extension in PHP 5.2.3 allows context-dependent attackers to execute
> arbitrary code via a long argument to the imagepsloadfont function."
Correct URL is http://www.bugtraq.ir/adv/t1lib.txt though no CVE is assigned
AFAIK.