PT-2008-6902 · Linux Terminal Server+1 · Ldm+4
Nico Golde · Published 1970-01-01 · Updated 2018-10-03 · CVE-2008-1293
CVSS v2.0: 4.8 (Medium)
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ltsp-server-standalone versions (affected versions not specified)
ltsp-server versions (affected versions not specified)
ltsp-client-builder versions (affected versions not specified)
ltsp-client versions (affected versions not specified)
ldm versions 0.99 and 2
Description
Multiple vulnerabilities affect the ltsp-server-standalone, ltsp-server, ltsp-client-builder, ltsp-client, and ldm packages of the Debian GNU/Linux operating system. An attacker can exploit them to compromise the confidentiality and integrity of protected information. ldm in the Linux Terminal Server Project (LTSP) passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006, also known as display :6.
Recommendations
For ltsp-server-standalone, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For ltsp-server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For ltsp-client-builder, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For ltsp-client, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For ldm versions 0.99 and 2, consider restricting access to the X server on each LTSP client to minimize the risk of exploitation.
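One way to check LTSP clients for the condition described above, as an added example that is not part of the original advisory or of LTSP: the function reads process command lines and flags X servers started with -ac (which turns off host-based access control) that have not disabled TCP with -nolisten tcp. The sample command lines are constructed, and the script assumes the server listens on TCP port 6000 plus the display number unless -nolisten tcp is given.

```shell
#!/bin/sh
# Added example: audit X server command lines for the CVE-2008-1293 condition.
# Assumption: the server listens on TCP 6000+display unless "-nolisten tcp" is set.

# Constructed sample input, shaped like `ps -eo args` output on an LTSP client.
sample_cmdlines() {
    cat <<'EOF'
/usr/bin/X :6 -ac -br vt7
/usr/bin/X :7 -ac -nolisten tcp
/usr/bin/Xorg :0 -auth /var/run/xauth -nolisten tcp
/usr/sbin/sshd -D
EOF
}

# Reads one command line per input line; prints one verdict per X server.
audit_x_cmdlines() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f      # split into words without globbing
        [ $# -gt 0 ] || continue
        case "${1##*/}" in
            X|Xorg) shift ;;
            *) continue ;;
        esac
        ac=0; tcp=1; display=":0"; prev=""
        for arg in "$@"; do
            case "$arg" in
                -ac) ac=1 ;;                       # access control disabled
                :[0-9]*) display="$arg" ;;         # display number, e.g. :6
                tcp) if [ "$prev" = "-nolisten" ]; then tcp=0; fi ;;
            esac
            prev="$arg"
        done
        n=${display#:}; n=${n%%.*}
        if [ "$tcp" -eq 1 ]; then port=$((6000 + n)); else port=closed; fi
        if [ "$ac" -eq 1 ] && [ "$tcp" -eq 1 ]; then status=EXPOSED
        elif [ "$ac" -eq 1 ]; then status=NO-ACL-LOCAL
        else status=OK
        fi
        printf '%s display=%s tcp_port=%s\n' "$status" "$display" "$port"
    done
}

# Live use on a client: ps -eo args | audit_x_cmdlines
sample_cmdlines | audit_x_cmdlines
```

EXPOSED marks the combination the description reports; NO-ACL-LOCAL means access control is off but the TCP listener is disabled, so only local connections are affected.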
Affected Products
Ldm
Ltsp-Client
Ltsp-Client-Builder
Ltsp-Server
Ltsp-Server-Standalone