freenx-team team mailing list archive

Thread
Date

[Bug 408875] [NEW] Login fails for passwords starting with "-" (dash)

To: freenx-team@xxxxxxxxxxxxxxxxxxx
From: skettlitz <launchpad_net@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 04 Aug 2009 13:59:11 -0000
Reply-to: Bug 408875 <408875@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Private security bug reported:

When the user password starts with a "-" (dash), the login through the
nx-client does not work, although other methods of login work correctly.
This is possibly, because the password is interpreted as parameter to
some command in a bash script used by nx. This could possible also allow
code injection or dangerous unintended behaviour.

** Affects: freenx-server
     Importance: Undecided
         Status: New

-- 
Login fails for passwords starting with "-" (dash)
https://bugs.launchpad.net/bugs/408875
You received this bug notification because you are a member of FreeNX
Team, which is a direct subscriber.

Status in FreeNX open source NX Server: New

Bug description:
When the user password starts with a "-" (dash), the login through the nx-client does not work, although other methods of login work correctly. This is possibly, because the password is interpreted as parameter to some command in a bash script used by nx. This could possible also allow code injection or dangerous unintended behaviour.

Follow ups

[Bug 408875] [NEW] Login fails for passwords starting with "-" (dash)
From: skettlitz, 2009-08-04

References

[Bug 408875] [NEW] Login fails for passwords starting with "-" (dash)
From: skettlitz, 2009-08-04