Red Hat Bugzilla – Bug 58066
VNC can be frozen via HTTP
Last modified: 2007-04-18 12:38:54 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011014
Description of problem:
vnc freezes when receiving HTTP requests, until all headers are sent (\n\n).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
$ nc box.victim.com 5801
GET / HTTP/1.1\n
Actual Results: [vnc is now frozen until a second \n is entered, ending the
header section, or until http disconnect]
Expected Results: nothing
vnc, RPM 3.3.3r1
There is another DoS that can be used to break out of this one. :-)
I'll talk to the maintainers.
Fixed in 3.3.3r2-18.3.