Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2011-1775
Last Modified: 06 Sep 2011 11:16:32
Published: 26 May 2011 02:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-1775

Summary

The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate.

Vulnerable Systems

Application

  • TigerVNC 1.1


References

MLIST - [tigervnc-devel] 20110505 Re: potential vulnerability in TLS secType?

MLIST - [tigervnc-devel] 20110504 Re: potential vulnerability in TLS secType?

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=702672

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=702470

BID - 47738

REDHAT - RHSA-2011:0871

MLIST - [tigervnc-devel] 20110504 potential vulnerability in TLS secType?

SECUNIA - 44939

MLIST - [oss-security] 20110509 Re: CVE request: tigervnc

MLIST - [oss-security] 20110506 CVE request: tigervnc

FEDORA - FEDORA-2011-6838


Last Updated: 27 May 2016 10:56:47