Vulnerable SUID script in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and
Enterprise across redhat and debian hosts)
21 September 2011
NGS Secure has discovered a High risk vulnerability in (nomachine) NX Server
for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts).
Vulnerability ID: HTB23041
Reference:
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_help_desk_software.html
Product: Help Desk Software
Vendor: freehelpdesk.org ( http://freehelpdesk.org/ )
Vulnerable Version: 1.1b and probably prior
Tested Version: 1.1b
Vendor Notification: 17
All - It has been a few weeks now since I demonstrated the following at
44con (http://www.44con.com) and thus time to just dump the details here.
The following are what can only be described as 'design flaws' in
Trusteer Rapport's anti-keylogger protections, that is Rapport provides
the
Folks,
We have uploaded the slides of the IPv6 Security talk I gave at Hack.lu
2011. The slides are available at:
http://www.si6networks.com/presentations/hacklu2011/fgont-hacklu2011-ip-security.pdf
A list of conferences at which we will be