Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#4643 - VNC >= 4.1.1 Authentication Bypass - ALST
Attached to Project:
Arch Linux
Opened by James Fryman (jfryman) - Tuesday, 16 May 2006, 12:17 GMT
Last edited by Damir Perisa (damir.perisa) - Friday, 19 May 2006, 18:26 GMT
Opened by James Fryman (jfryman) - Tuesday, 16 May 2006, 12:17 GMT
Last edited by Damir Perisa (damir.perisa) - Friday, 19 May 2006, 18:26 GMT
|
DetailsA critical vulnerability has been discovered in RealVNC (Arch Package 'vnc') that allows an attacker to bypass the authentication method employed by sending a specially crafted packet to the attacker to take control of any desktop running VNC 4.0 - 4.1.1 (Utilizing RFB 003.008)
No official details have been released about this vuln, but has been discolsed on FullDisclosure May 15, 2006 by James Evans. RealVNC has released an update to address this hole. The updated package can be found at: http://www.realvnc.com/cgi-bin/download.cgi |
This task depends upon
Closed by Damir Perisa (damir.perisa)
Friday, 19 May 2006, 18:38 GMT
Reason for closing: Implemented
Friday, 19 May 2006, 18:38 GMT
Reason for closing: Implemented
http://seclists.org/lists/fulldisclosure/2006/May/0359.html