It was reported [1] that the qtnx client would store non-custom SSH keys in a world-readable configuration file. If a user did not have a properly secured home directory (if it was world-readable or world-executable), this could allow other users on the local system to obtain the private key used to connect to remote NX sessions. For example: % ls -al .qtnx total 12 drwxrwxr-x. 2 user user 4096 Aug 11 11:36 . drwxr-x---. 27 user user 4096 Aug 11 11:37 .. -rw-rw-r--. 1 user user 1209 Aug 11 11:40 cerb.nxml % grep Auth .qtnx/cerb.nxml <option key="Authentication Key" value="sekritz"></option> qtnx should probably set the permissions of the *.nxml files to 0600, or the ~/.qtnx/ directory should be mode 0700 (like ~/.ssh/) [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637439
Created freenx-client tracking bugs for this issue Affects: fedora-all [bug 730085]
This issue was assigned the name CVE-2011-2916.