FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-2450

This CVE name corresponds to:

Entered Topic
2006-08-13 x11vnc -- authentication bypass vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-2450
Phase Assigned (20060518)

Description

auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.

References

Source Reference
BUGTRAQ 20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code
MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=431724&group_id=32584
CONFIRM http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u
GENTOO GLSA-200608-05
GENTOO GLSA-200608-12
GENTOO GLSA-200703-19
SUSE SUSE-SA:2006:042
BID 18977
VUPEN ADV-2006-2797
SECUNIA 20940
SECUNIA 21179
SECUNIA 21349
SECUNIA 21393
SECUNIA 21405
SECUNIA 24525