PT-2007-2081 · Nomachine · Nomachine Server
Published
2007-01-31
·
Updated
2017-07-29
·
CVE-2007-0625
CVSS v2.0
4.9
Medium
| Vector | AV:L/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
NoMachine NX Server versions prior to 2.1.0-18
Description
The issue is related to the nxconfigure.sh script, which does not validate the invoking user. This allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in a denial of service.
Recommendations
For versions prior to 2.1.0-18, update to version 2.1.0-18 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nomachine Server