x11vnc: Authentication bypass in included LibVNCServer code — GLSA 200608-12

VNC servers created with x11vnc accept insecure protocol types, even when the server does not offer it, resulting in the possibility of unauthorized access to the server.

Affected Packages

x11-misc/x11vnc on all architectures
Affected versions < 0.8.1
Unaffected versions >= 0.8.1

Background

x11vnc provides VNC servers for X displays.

Description

x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None" (GLSA-200608-05). x11vnc will accept this security type, even if it is not offered by the server.

Impact

An attacker could exploit this vulnerability to gain unauthorized access with the privileges of the user running the VNC server.

Workaround

There is no known workaround at this time.

Resolution

All x11vnc users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-misc/x11vnc-0.8.1"

References

Release Date
August 07, 2006

Latest Revision
August 07, 2006: 01

Severity
high

Exploitable
remote

Bugzilla entries