[Thinlinc-technical] ThinLinc Server Security Update
Peter Astrand
astrand at cendio.se
Mon Dec 18 14:56:05 CET 2017
A security vulnerability with the server side support for "Local Drive
Redirection" has been discovered (bug 7087). In 4.8.0 and earlier
versions, it was possible for a local user to mount file systems
outside their designated area, allowing for a local attacker to gain
elevated privileges on the system. ThinLinc 4.8.1 has been released to
correct this problem. Please note the new release also includes a
4.8.1 client, but it is without changes and identical to 4.8.0. No
client update is needed.
Hotfix packages for older releases are available from
https://www.cendio.com/downloads/updates/b7087. After download, update
the relevant packages with:
sudo rpm -Fvh <packages>
or
sudo dpkg -i <packages>
If Local Drive Redirection is not required, or if you are running a
version which is more than 3 years old, another solution is to disable
this feature by running:
# chmod u-s /opt/thinlinc/libexec/tl-mount-personal
Please note that the Local Drive Redirection feature now requires
Linux kernel 2.6.23 or later.
---
Peter Astrand
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linkoping https://facebook.com/ThinLinc
Phone: +46-13-214600 https://google.com/+CendioThinLinc
More information about the Thinlinc-technical
mailing list