---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Viewglob "vgd" Server Exposure of Directory Information SECUNIA ADVISORY ID: SA15293 VERIFY ADVISORY: http://secunia.com/advisories/15293/ CRITICAL: Not critical IMPACT: Exposure of system information WHERE: Local system SOFTWARE: Viewglob 2.x http://secunia.com/product/5070/ DESCRIPTION: A weakness has been reported in Viewglob, which can be exploited by malicious, local users to disclose system information. The vulnerability is caused due to an error in the "vgd" server program when handling "vgseer" clients. This can be exploited to gain access to the Viewglob display of another user and disclose the content of protected directories. Successful exploitation requires X forwarding access to the affected system. The weakness has been reported in version 2.0. SOLUTION: Update to version 2.0.1. http://viewglob.sourceforge.net/download.html PROVIDED AND/OR DISCOVERED BY: The vendor credits Kevin McCarty. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------