Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2450
Last Modified 11 Nov 2014 11:17:35
Published 18 Jul 2006 11:40:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2450

Summary

auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.

Vulnerable Systems

Application

  • LibVNCServer 0.7.1


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=431724&group_id=32584

SECUNIA - 20940

CONFIRM - http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824

VUPEN - ADV-2006-2797

BID - 18977

BUGTRAQ - 20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code

SUSE - SUSE-SA:2006:042

GENTOO - GLSA-200703-19

GENTOO - GLSA-200608-12

GENTOO - GLSA-200608-05

SECUNIA - 24525

SECUNIA - 21405

SECUNIA - 21393

SECUNIA - 21349

SECUNIA - 21179


Last Updated: 27 May 2016 10:42:28