[FreeNX-kNX] Update: Fedora/Redhat Freenx RPM's - 0.4.4-2
Rick Stout
zipsonic at gmail.com
Thu Jan 26 23:04:04 UTC 2006
> Thanks, Rick. Is there an advisory or any more details on the security
> issue?
>
This has actually been addressed in the past, but you can read about it
here, but the basic problem was that unless turned off in sshd_config,
any user with the nx key could connect to the server and use it as a
proxy: forwarding ports, etc... This was resolved a few releases ago
with the nxsetup disallowing those actions by use of the
authorized_keys2 file. Since the RPM does all of the setup and the user
almost never touches nxsetup, those changes were never applied. I
updated the install scripts in the rpm to take this update into account,
and eliminate that particular security concern.
Regards,
Rick Stout
http://fedoranews.org/contributors/rick_stout/freenx/
More information about the FreeNX-kNX
mailing list