freenx-team team mailing list archive

[Sebastian Urban <urbans84@xxxxxxxxx>]

*** This bug is a security vulnerability ***

Private security bug reported:

Using latest packages from FreeNX PPA on Ubuntu Hardy.

Steps to reproduce:
1. Make sure no user is logged in on FreeNX server host.
2. Connect to FreeNX server host via NX using session GNOME.
3. Insert USB storage device or a CDROM into the FreeNX server host.

Result:
The medium is mounted, assigned to the remotely logged in user and shown on his remote GNOME desktop via NX.
If a different user logs in locally on the NX server he does not have permissions to access the medium.

Expected result:
The medium should not be mounted and the remote NX user should not be able to access it. 
If a user logs in locally on the NX server the medium should be mounted with his permissions and appear on his local GNOME desktop.

** Affects: freenx-server
     Importance: Undecided
         Status: New

-- 
Remote NX users can access locally connected removable media on the FreeNX server
https://bugs.launchpad.net/bugs/388973
You received this bug notification because you are a member of FreeNX
Team, which is a direct subscriber.

Status in FreeNX open source NX Server: New

Bug description:
Using latest packages from FreeNX PPA on Ubuntu Hardy.

Steps to reproduce:
1. Make sure no user is logged in on FreeNX server host.
2. Connect to FreeNX server host via NX using session GNOME.
3. Insert USB storage device or a CDROM into the FreeNX server host.

Result:
The medium is mounted, assigned to the remotely logged in user and shown on his remote GNOME desktop via NX.
If a different user logs in locally on the NX server he does not have permissions to access the medium.

Expected result:
The medium should not be mounted and the remote NX user should not be able to access it. 
If a user logs in locally on the NX server the medium should be mounted with his permissions and appear on his local GNOME desktop.