User Tools

Site Tools


wiki:security:start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
wiki:security:start [2013/12/17 21:11]
sunweaver [X2Go Agent]
wiki:security:start [2014/01/08 10:20]
sunweaver [PostgreSQL]
Line 3: Line 3:
 ===== Session Database Backends ===== ===== Session Database Backends =====
 ==== PostgreSQL ==== ==== PostgreSQL ====
-<​note>​No known exploits<​/note>+ 
 + 
 +  * In X2Go Server versions prior to 4.0.1.12 (or 4.0.0.10 for the Baikal LTS release branch), there used to be a [[http://​www.cvedetails.com/​cve/​CVE-2013-7261|root exploit]] that got reported and fixed around X-mas 2013. 
  
 ==== SQLite ==== ==== SQLite ====
-<​note>​No known exploits<​/note>+ 
 +  * In versions of X2Go Server less than 4.0.1.12 (or 4.0.0.10 for the Baikal LTS release branch), there used to be a [[http://​www.cvedetails.com/​cve/​CVE-2013-7261|root exploit]] that got reported and fixed around X-mas 2013. 
   ​   ​
  
Line 59: Line 64:
   * [[http://​code.x2go.org/​gitweb?​p=x2goserver.git;​a=commitdiff;​h=147d22c44167b9b2d4afbdaf17262555a7af713b|This issue has been fixed]]: x2goagent/​nxagent opens a port 6050+ and binds to all network interfaces. This should be tweaked so that x2goagent/​nxagent binds to localhost only. Refer to: http://​article.gmane.org/​gmane.linux.terminal-server.x2go.user/​430   * [[http://​code.x2go.org/​gitweb?​p=x2goserver.git;​a=commitdiff;​h=147d22c44167b9b2d4afbdaf17262555a7af713b|This issue has been fixed]]: x2goagent/​nxagent opens a port 6050+ and binds to all network interfaces. This should be tweaked so that x2goagent/​nxagent binds to localhost only. Refer to: http://​article.gmane.org/​gmane.linux.terminal-server.x2go.user/​430
   * Now, only for XDMCP session the listening port 6050+ is opened (otherwise XDMCP queries do fail)   * Now, only for XDMCP session the listening port 6050+ is opened (otherwise XDMCP queries do fail)
-  * If people need x2goagent listening on TCP, it can also be re-enabled in '''/​etc/​x2go/​x2goagent.options'''​.+  * If people need x2goagent listening on TCP, it can also be re-enabled in ''/​etc/​x2go/​x2goagent.options''​.
   ​   ​
wiki/security/start.txt · Last modified: 2014/01/08 10:20 by sunweaver