ports/97313: [maintainer patch] Update net/vnc port to 4.1.2

James Raftery james at now.ie
Tue May 16 00:10:23 UTC 2006


The following reply was made to PR ports/97313; it has been noted by GNATS.

From: James Raftery <james at now.ie>
To: Ion-Mihai IOnut Tetcu <itetcu at FreeBSD.org>
Cc: FreeBSD-gnats-submit at FreeBSD.org
Subject: Re: ports/97313: [maintainer patch] Update net/vnc port to 4.1.2
Date: Tue, 16 May 2006 01:06:37 +0100

 Hi,
 
 On 16 May 2006, at 00:12, Ion-Mihai IOnut Tetcu wrote:
 >>> Number:         97313
 >>> Category:       ports
 >>> Synopsis:       [maintainer patch] Update net/vnc port to 4.1.2
 >>> Severity:       serious
 >>> Priority:       medium
 >>> Responsible:    freebsd-ports-bugs
 >>> Description:
 >> 	The patch below updates the net/vnc port from version 4.1.1 to
 >> 	version 4.1.2.
 >>
 >> 	4.1.2 addresses a serious vulnerability in RealVNC.
 >
 > Please tell us what this vulnerability is and if possible provide a
 > vuxml entry for it as well.
 
 http://www.securityfocus.com/bid/17978
 http://www.securityfocus.com/archive/1/433994/30/0/threaded
 
 A malicious VNC client can cause a VNC server to allow it to connect  
 without any authentication regardless of the authentication settings  
 configured in the server.
 
 VuXML below. It's my first, so please check thoroughly :)
 
 <vuln vid="4645b98c-e46e-11da-9ae7-00123fcc6e5c">
    <topic>Authentication bypass vulnerability found in RealVNC</topic>
    <affects>
      <package>
        <name>vnc</name>
        <range><eq>4.1.1</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
         <p>RealVNC is susceptible to an authentication-bypass vulnerability.
         A malicious VNC client can cause a VNC server to allow it to
         connect without any authentication regardless of the authentication
         settings configured in the server. Exploiting this issue allows
         attackers to gain unauthenticated, remote access to the VNC servers.</p>
      </body>
    </description>
    <references>
      <bid>17978</bid>
       <mlist>http://www.securityfocus.com/archive/1/433994/30/0/threaded</mlist>
    </references>
    <dates>
      <discovery>2006-05-15</discovery>
      <entry>2006-05-16</entry>
    </dates>
 </vuln>
 
 
 Thanks,
 james
 -- 
 Times flies like an arrow. Fruit flies like bananas.
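
A minimal pre-submission check for a VuXML entry like the one in the message above. This is an added example, not part of the original message and not FreeBSD's own tooling: the function names `lint` and `affected` are hypothetical, and the checks are a small subset chosen for illustration, not a substitute for validating against the VuXML DTD.

```python
import re
import xml.etree.ElementTree as ET

# Entry from the message above (line wraps undone, description shortened).
ENTRY = """<vuln vid="4645b98c-e46e-11da-9ae7-00123fcc6e5c">
  <topic>Authentication bypass vulnerability found in RealVNC</topic>
  <affects><package><name>vnc</name>
    <range><eq>4.1.1</eq></range></package></affects>
  <description><body xmlns="http://www.w3.org/1999/xhtml">
    <p>RealVNC is susceptible to an authentication-bypass vulnerability.</p>
  </body></description>
  <references><bid>17978</bid>
    <mlist>http://www.securityfocus.com/archive/1/433994/30/0/threaded</mlist>
  </references>
  <dates><discovery>2006-05-15</discovery><entry>2006-05-16</entry></dates>
</vuln>"""

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")

def lint(xml_text):
    """Return a list of problems found in one <vuln> element."""
    vuln = ET.fromstring(xml_text)  # raises ParseError if not well-formed
    problems = []
    if not UUID_RE.match(vuln.get("vid", "")):
        problems.append("vid is not a lowercase UUID")
    for path in ("topic", "affects/package/name", "affects/package/range",
                 "references", "dates/discovery", "dates/entry"):
        if vuln.find(path) is None:
            problems.append("missing <%s>" % path)
    for ref in vuln.findall("references/*"):
        # A mail client wrapping a long URL leaves whitespace inside it.
        if re.search(r"\s", (ref.text or "").strip()):
            problems.append("whitespace inside <%s>" % ref.tag)
    dates = {d.tag: (d.text or "").strip() for d in vuln.findall("dates/*")}
    for tag, value in dates.items():
        if not DATE_RE.match(value):
            problems.append("<%s> is not YYYY-MM-DD" % tag)
    if dates.get("discovery", "") > dates.get("entry", ""):
        problems.append("discovery date is after entry date")
    return problems

def affected(xml_text, name, version):
    """Exact-match test for <eq> ranges only; lt/le/gt/ge are not handled."""
    for pkg in ET.fromstring(xml_text).findall("affects/package"):
        names = [(n.text or "").strip() for n in pkg.findall("name")]
        eqs = [(e.text or "").strip() for e in pkg.findall("range/eq")]
        if name in names and version in eqs:
            return True
    return False
```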
 
 


