Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2369
Last Modified 22 Sep 2011 12:00:00
Published 15 May 2006 12:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2369

Summary

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

Vulnerable Systems

Application

  • RealVNC 4.1.1


References

CERT-VN - VU#117929

BID - 17978

BUGTRAQ - 20060515 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise

CONFIRM - http://www.realvnc.com/products/free/4.1/release-notes.html

MISC - http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html

SECTRACK - 1016083

SECUNIA - 20109

SECUNIA - 20107

XF - realvnc-auth-bypass(26445)

VUPEN - ADV-2006-2492

VUPEN - ADV-2006-1821

VUPEN - ADV-2006-1790

BUGTRAQ - 20060624 Re: Linux VNC evil client patch - BID 17978

BUGTRAQ - 20060623 Linux VNC evil client patch - BID 17978

BUGTRAQ - 20060520 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise

BUGTRAQ - 20060518 RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise

BUGTRAQ - 20060516 re: RealVNC 4.1.1 Remote Compromise

BUGTRAQ - 20060515 RealVNC 4.1.1 Remote Compromise

OSVDB - 25479

MISC - http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html

CISCO - 20060622 RealVNC Remote Authentication Bypass Vulnerability

SREASON - 8355

SECUNIA - 20789

MLIST - [vnc-list] 20060513 Version 4.1.2


Last Updated: 27 May 2016 10:42:26