Bug 191692 - CVE-2006-2369 bypass authentication in vnc 4.1.1
Summary: CVE-2006-2369 bypass authentication in vnc 4.1.1
Alias: None
Product: Fedora
Classification: Fedora
Component: vnc   
(Show other bugs)
Version: 5
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Radek Vokal
QA Contact: David Lawrence
Whiteboard: public=20060508,impact=important,sour...
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2006-05-15 10:15 UTC by Mark J. Cox
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version: 4.1.1-38.fc5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-05-24 15:34:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Mark J. Cox 2006-05-15 10:15:03 UTC
It was reported that it was possible to bypass vnc authentication in version 4.1.1

www.realvnc.com has released a version 4.1.2 to correct this flaw, but as of
today they haven't released the source code.  However a third party looked and
found what seems to be the problem:

I've verified that by altering a client in this way you are able to bypass
password authentication in vnc 4.1.1 but not in earlier versions as shipped in
Red Hat Enterprise Linux (their server connection souce code is different).

Update needed for FC4 and FC5

Comment 1 Fedora Update System 2006-05-16 17:48:10 UTC
vnc-4.1.1-10.1.fc4 has been pushed for fc4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 2 Fedora Update System 2006-05-16 17:48:29 UTC
vnc-4.1.1-37.fc5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 3 Jens Hoelldampf 2006-05-17 11:43:30 UTC
Authentication seems to be broken for vnc-4.1.1-37.fc5/vnc-server-4.1.1-37.fc5,
no vnc connection possible at all:

- start "Xvnc :1"

- start "vncviewer :1" in another console
> [...]
> Wed May 17 13:40:36 2006
> CConn:       connected to host localhost port 5901
> CConnection: Server supports RFB protocol version 3.8
> CConnection: Using RFB protocol version 3.8
> main:        End of stream

- output of "Xvnc :1"
> Connections: accepted:
> SConnection: Client needs protocol version 3.8
> SConnection: Client requests security type VncAuth(2)
> SConnection: unexpected security type
> Connections: closed: (unexpected security type)

Comment 4 Jitka Kozana 2006-05-22 11:35:23 UTC
Please try with version 4.1.1-38.fc5, the problem should be fixed there.

Note You need to log in before you can comment on or make changes to this bug.