User Tools

Site Tools


wiki:security:start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
wiki:security:start [2013/12/17 21:11]
sunweaver [X2Go Agent]
wiki:security:start [2014/01/08 10:20]
sunweaver [SQLite]
Line 3: Line 3:
 ===== Session Database Backends ===== ===== Session Database Backends =====
 ==== PostgreSQL ==== ==== PostgreSQL ====
-<​note>​No known exploits<​/note>+ 
 + 
 +  * In X2Go Server versions prior to 4.0.1.12 (or 4.0.0.10 for the Baikal LTS release branch), there used to be a [[http://​www.cvedetails.com/​cve/​CVE-2013-7261|root exploit]] that got reported and fixed around X-mas 2013. 
  
 ==== SQLite ==== ==== SQLite ====
-<​note>​No known exploits<​/note>+ 
 +  * In X2Go Server versions prior to 4.0.1.12 (or 4.0.0.10 for the Baikal LTS release branch), there used to be a [[http://​www.cvedetails.com/​cve/​CVE-2013-7261|root exploit]] that got reported and fixed around X-mas 2013. 
   ​   ​
  
Line 59: Line 64:
   * [[http://​code.x2go.org/​gitweb?​p=x2goserver.git;​a=commitdiff;​h=147d22c44167b9b2d4afbdaf17262555a7af713b|This issue has been fixed]]: x2goagent/​nxagent opens a port 6050+ and binds to all network interfaces. This should be tweaked so that x2goagent/​nxagent binds to localhost only. Refer to: http://​article.gmane.org/​gmane.linux.terminal-server.x2go.user/​430   * [[http://​code.x2go.org/​gitweb?​p=x2goserver.git;​a=commitdiff;​h=147d22c44167b9b2d4afbdaf17262555a7af713b|This issue has been fixed]]: x2goagent/​nxagent opens a port 6050+ and binds to all network interfaces. This should be tweaked so that x2goagent/​nxagent binds to localhost only. Refer to: http://​article.gmane.org/​gmane.linux.terminal-server.x2go.user/​430
   * Now, only for XDMCP session the listening port 6050+ is opened (otherwise XDMCP queries do fail)   * Now, only for XDMCP session the listening port 6050+ is opened (otherwise XDMCP queries do fail)
-  * If people need x2goagent listening on TCP, it can also be re-enabled in '''/​etc/​x2go/​x2goagent.options'''​.+  * If people need x2goagent listening on TCP, it can also be re-enabled in ''/​etc/​x2go/​x2goagent.options''​.
   ​   ​
wiki/security/start.txt · Last modified: 2014/01/08 10:20 by sunweaver