NX Server Free Edition, NX Node: Privilege escalation An unspecified vulnerability in NX Server Free Edition and NX Node could allow local attackers to gain root privileges. NX Server NX Node 2012-01-23 2012-01-23: 1 378345 local 3.5.0.5 3.5.0.5 3.5.0.4 3.5.0.4

NX Server Free Edition is a remote display technology by No Machine. NX Node provides the shared components for NX Server.

NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability.

A local attacker could gain escalated privileges.

There is no known workaround at this time.

All NX Server Free Edition users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/nxserver-freeedition-3.5.0.5"

All NX Node users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.5.0.4"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 23, 2011. It is likely that your system is already no longer affected by this issue.

CVE-2011-3977 underling ackle