X2Go Bug report logs - #258
SECURITY: x2goclient allows clipboard sniffing

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Christoph Anton Mitterer <calestyo@scientia.net>

Date: Mon, 1 Jul 2013 02:48:02 UTC

Severity: grave

Tags: pending, security

Fixed in version 4.0.2.1

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


Message #72 received at control@bugs.x2go.org (full text, mbox, reply):

Received: (at control) by bugs.x2go.org; 1 Jun 2014 03:28:44 +0000
From mike.gabriel@das-netzwerkteam.de  Sun Jun  1 05:28:44 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,MISSING_SUBJECT,
	URIBL_BLOCKED autolearn=no version=3.3.2
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 7EFDD5DA79
	for <control@bugs.x2go.org>; Sun,  1 Jun 2014 05:28:44 +0200 (CEST)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 4EA342DED
	for <control@bugs.x2go.org>; Sun,  1 Jun 2014 05:28:44 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 9C9703C81B
	for <control@bugs.x2go.org>; Sun,  1 Jun 2014 05:28:43 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id VNY0NkC-gbM4 for <control@bugs.x2go.org>;
	Sun,  1 Jun 2014 05:28:43 +0200 (CEST)
Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 086A03C0CF
	for <control@bugs.x2go.org>; Sun,  1 Jun 2014 05:28:43 +0200 (CEST)
Received: from p5B2855DE.dip0.t-ipconnect.de (p5B2855DE.dip0.t-ipconnect.de
 [91.40.85.222]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP;
 Sun, 01 Jun 2014 03:28:42 +0000
Date: Sun, 01 Jun 2014 03:28:42 +0000
Message-ID: <20140601032842.Horde.hGe57FrJWSM0osjmmM-bZg2@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: control@bugs.x2go.org
User-Agent: Internet Messaging Program (IMP) H5 (6.1.7)
Accept-Language: en,de
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 91.40.85.222
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101
 Firefox/29.0 Iceweasel/29.0.1
Content-Type: multipart/signed; boundary="=_zvdcdcG2-3cUU3TbvjxXoA1";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0
[Message part 1 (text/plain, inline)]
clone #258 -1 -2 -3 -4
reassign -1 x2goserver
reassign -2 pyhoca-gui
reassign -3 python-x2go
reassign -4 wiki.x2go.org
retitle -1 Add option to x2goserver.conf for disabling server-side  
clipboard globally
retitle -2 Add option to pyhoca-gui's profile manager to disable  
client-side clipboard (per session profile)
retitle -3 Add support to X2GoSession class for disabling client-side  
clipboard
retitle -4 Better document NX/X11 security issues of X2Go (e.g.  
clipboard sniffing)
thanks
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Nov 27 03:20:48 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.