It was reported  that the qtnx client would store non-custom SSH keys in a world-readable configuration file. If a user did not have a properly secured home directory (if it was world-readable or world-executable), this could allow other users on the local system to obtain the private key used to connect to remote NX sessions.
% ls -al .qtnx
drwxrwxr-x. 2 user user 4096 Aug 11 11:36 .
drwxr-x---. 27 user user 4096 Aug 11 11:37 ..
-rw-rw-r--. 1 user user 1209 Aug 11 11:40 cerb.nxml
% grep Auth .qtnx/cerb.nxml
<option key="Authentication Key" value="sekritz"></option>
qtnx should probably set the permissions of the *.nxml files to 0600, or the ~/.qtnx/ directory should be mode 0700 (like ~/.ssh/)
Created freenx-client tracking bugs for this issue
Affects: fedora-all [bug 730085]
This issue was assigned the name CVE-2011-2916.