It was reported [1],[2] that vino transmits all clipboard activity to anything listening on port 5900, including to clients that have not authenticated. If a user were to have vino enabled (including requiring authentication), a remote user could access the port and see anything the user added to the clipboard sent over the port. To reproduce, enable vino with password protection (i.e. execute vino-preferences). Connect to the VNC port (either locally or remotely), for instance: % nc -4 odvfc17 5900 RFB 003.007 @??zsh: command not found: zsh:@??[vdanen@odvfc17] The above two bits of output are from copying in the GNOME terminal, locally, on the system running vino. The above was tested with Fedora 17's 3.4.2 version; the report indicates that 2.32 on Gentoo and 2.28 on Debian are also vulnerable. [1] https://bugs.gentoo.org/show_bug.cgi?id=434930 [2] https://bugzilla.gnome.org/show_bug.cgi?id=678434
Created vino tracking bugs for this issue Affects: fedora-all [bug 857252]
The CVE identifier of CVE-2012-4429 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2012/09/14/1
Proposed upstream patch at: http://bugzilla-attachments.gnome.org/attachment.cgi?id=231701
Upstream patch: http://git.gnome.org/browse/vino/commit/?id=9c8b9f81205203db6c31068babbfb8a734acacdb
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0169 https://rhn.redhat.com/errata/RHSA-2013-0169.html