435698 – (CVE-2012-5003) net-misc/nxnode: insecure code execution vulnerability (CVE-2012-5003)

Bug 435698 (CVE-2012-5003) - net-misc/nxnode: insecure code execution vulnerability (CVE-2012-5003)

Summary: net-misc/nxnode: insecure code execution vulnerability (CVE-2012-5003)

Status:	RESOLVED INVALID

Alias:	CVE-2012-5003

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-09-20 23:19 UTC by GLSAMaker/CVETool Bot
Modified:	2012-09-27 19:12 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2012-09-20 23:19:08 UTC

CVE-2012-5003 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5003):
  nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not
  properly verify the authenticity of updates, which allows user-assisted
  remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2)
  RedirectUrl parameter that points to a Trojan Horse client.zip update file.

Comment 1 Bernard Cafarelli gentoo-dev

2012-09-25 14:16:35 UTC

We do not ship the web companion, so Gentoo is not affected by this CVE :)

Comment 2 Sean Amoss (RETIRED) gentoo-dev

2012-09-27 19:12:29 UTC

(In reply to comment #1)
> We do not ship the web companion, so Gentoo is not affected by this CVE :)

Thanks for checking.