CVE-2011-2916

Name of the Vulnerable Software and Affected Versions qtnx version 0.9

Description The issue concerns the storage of non-custom SSH keys in a world-readable configuration file by qtnx. This could allow another local system user to obtain the private key used for remote NX sessions if a user's home directory is world-readable or world-executable.

Recommendations For qtnx version 0.9, consider restricting access to the configuration file containing the SSH keys to prevent other local users from reading it. As a temporary workaround, restrict home directory permissions to prevent other users from accessing the private key.