Package : ldm
Vulnerability : programming error
Problem type : remote
CVE Id(s) : CVE-2008-1293
Debian Bug : 469462
Christian Herzog discovered that within the Linux Terminal Server Project,
it was possible to connect to X on any LTSP client from any host on the
network, making client windows and keystrokes visible to that host.
NOTE: most ldm installs are likely to be in a chroot environment exported
over NFS, and will not be upgraded merely by upgrading the server itself.
For example, on the i386 architecture, to upgrade ldm will likely require: