Bug 191692 - CVE-2006-2369 bypass authentication in vnc 4.1.1
CVE-2006-2369 bypass authentication in vnc 4.1.1
Product: Fedora
Classification: Fedora
Component: vnc (Show other bugs)
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Radek Vokal
David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 2006-05-15 06:15 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: 4.1.1-38.fc5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-05-24 11:34:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2006-05-15 06:15:03 EDT
It was reported that it was possible to bypass vnc authentication in version 4.1.1

www.realvnc.com has released a version 4.1.2 to correct this flaw, but as of
today they haven't released the source code.  However a third party looked and
found what seems to be the problem:

I've verified that by altering a client in this way you are able to bypass
password authentication in vnc 4.1.1 but not in earlier versions as shipped in
Red Hat Enterprise Linux (their server connection souce code is different).

Update needed for FC4 and FC5
Comment 1 Fedora Update System 2006-05-16 13:48:10 EDT
vnc-4.1.1-10.1.fc4 has been pushed for fc4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 2 Fedora Update System 2006-05-16 13:48:29 EDT
vnc-4.1.1-37.fc5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 3 Jens Hoelldampf 2006-05-17 07:43:30 EDT
Authentication seems to be broken for vnc-4.1.1-37.fc5/vnc-server-4.1.1-37.fc5,
no vnc connection possible at all:

- start "Xvnc :1"

- start "vncviewer :1" in another console
> [...]
> Wed May 17 13:40:36 2006
> CConn:       connected to host localhost port 5901
> CConnection: Server supports RFB protocol version 3.8
> CConnection: Using RFB protocol version 3.8
> main:        End of stream

- output of "Xvnc :1"
> Connections: accepted:
> SConnection: Client needs protocol version 3.8
> SConnection: Client requests security type VncAuth(2)
> SConnection: unexpected security type
> Connections: closed: (unexpected security type)
Comment 4 Jitka Kozana 2006-05-22 07:35:23 EDT
Please try with version 4.1.1-38.fc5, the problem should be fixed there.

Note You need to log in before you can comment on or make changes to this bug.