58066 – VNC can be frozen via HTTP

Bug 58066 - VNC can be frozen via HTTP

Summary: VNC can be frozen via HTTP

Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	vnc
Sub Component:	(Show other bugs)
Version:	7.0
Hardware:	i686 Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Tim Waugh
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-01-07 17:49 UTC by Tal Kelrich
Modified:	2007-04-18 16:38 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2002-02-08 10:41:10 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Tal Kelrich 2002-01-07 17:49:13 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011014

Description of problem:
vnc freezes when receiving HTTP requests, until all headers are sent (\n\n).

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
$ nc box.victim.com 5801
GET / HTTP/1.1\n


Actual Results:  [vnc is now frozen until a second \n is entered, ending the
header section, or until http disconnect]

Expected Results:  nothing

Additional info:

vnc, RPM 3.3.3r1

Comment 1 Tim Waugh 2002-01-10 15:47:51 UTC

There is another DoS that can be used to break out of this one. :-)
I'll talk to the maintainers.

Comment 2 Tim Waugh 2002-03-12 09:39:15 UTC

Fixed in 3.3.3r2-18.3.

Note You need to log in before you can comment on or make changes to this bug.