ports/97313: [maintainer patch] Update net/vnc port to 4.1.2
James Raftery
james at now.ie
Tue May 16 00:10:23 UTC 2006
The following reply was made to PR ports/97313; it has been noted by GNATS.
From: James Raftery <james at now.ie>
To: Ion-Mihai IOnut Tetcu <itetcu at FreeBSD.org>
Cc: FreeBSD-gnats-submit at FreeBSD.org
Subject: Re: ports/97313: [maintainer patch] Update net/vnc port to 4.1.2
Date: Tue, 16 May 2006 01:06:37 +0100
Hi,
On 16 May 2006, at 00:12, Ion-Mihai IOnut Tetcu wrote:
>>> Number: 97313
>>> Category: ports
>>> Synopsis: [maintainer patch] Update net/vnc port to 4.1.2
>>> Severity: serious
>>> Priority: medium
>>> Responsible: freebsd-ports-bugs
>>> Description:
>> The patch below updates the net/vnc port from version 4.1.1 to
>> version 4.1.2.
>>
>> 4.1.2 addresses a serious vulnerability in RealVNC.
>
> Please tell us what this vulnerability is and if possible provide a
> vuxml entry for it as well.
http://www.securityfocus.com/bid/17978
http://www.securityfocus.com/archive/1/433994/30/0/threaded
A malicious VNC client can cause a VNC server to allow it to connect
without any authentication regardless of the authentication settings
configured in the server.
VuXML below. It's my first, so please check thoroughly :)
<vuln vid="4645b98c-e46e-11da-9ae7-00123fcc6e5c">
<topic>Authentication bypass vulnerability found in RealVNC</topic>
<affects>
<package>
<name>vnc</name>
<range><eq>4.1.1</eq></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>RealVNC is susceptible to an authentication-bypass
vulnerability.
A malicious VNC client can cause a VNC server to allow it to
connect without any authentication regardless of the
authentication
settings configured in the server. Exploiting this issue allows
attackers to gain unauthenticated, remote access to the VNC
servers.</p>
</body>
</description>
<references>
<bid>17978</bid>
<mlist>http://www.securityfocus.com/archive/1/433994/30/0/
threaded</mlist>
</references>
<dates>
<discovery>2006-05-15</discovery>
<entry>2006-05-16</entry>
</dates>
</vuln>
Thanks,
james
--
Times flies like an arrow. Fruit flies like bananas.
More information about the freebsd-ports-bugs
mailing list