Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1511

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1511
Last Modified 10 Sep 2008 03:14:48
Published 03 Mar 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1511

Summary

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.

Vulnerable Systems

Application

  • Att Vnc 3.3.3

  • Att Vnc 3.3.3r2

  • Att Vnc 3.3.4

  • Att Vnc 3.3.5

  • Att Vnc 3.3.6

  • Tightvnc 1.2.0

  • Tightvnc 1.2.1

  • Tightvnc 1.2.2

  • Tightvnc 1.2.3

  • Tightvnc 1.2.4

  • Tightvnc 1.2.5


References

REDHAT - RHSA-2003:041

XF - vnc-rand-weak-cookie(11384)

CONFIRM - http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog

BID - 6905

REDHAT - RHSA-2003:068

MANDRAKE - MDKSA-2003:022

SUNALERT - 56161

GENTOO - 200302-15

CONECTIVA - CLSA-2003:640


Last Updated: 27 May 2016 10:37:22