The patch below updates the net/vnc port from version 4.1.1 to version 4.1.2.

4.1.2 addresses a serious vulnerability in RealVNC.

Fix:

The patch below updates the Makefile and distinfo for RealVNC version 4.1.2

Thanks!
james

How-To-Repeat: N/A
On 15 May 2006 18:24:31 -0000 James Raftery <james@now.ie> wrote:

>
> >Number: 97313
> >Category: ports
> >Synopsis: [maintainer patch] Update net/vnc port to 4.1.2
> >Severity: serious
> >Priority: medium
> >Responsible: freebsd-ports-bugs
> >Description:
> The patch below updates the net/vnc port from version 4.1.1 to
> version 4.1.2.
>
> 4.1.2 addresses a serious vulnerability in RealVNC.

Please tell us what this vulnerability is and if possible provide a vuxml entry for it as well.

--
IOnut - Un^d^dregistered ;) FreeBSD "user"
"Intellectual Property" is nowhere near as valuable as "Intellect"
BOFH excuse #299: The data on your hard drive is out of balance
State Changed
From-To: open->feedback

Ask maintainer for details.
Hi,

On 16 May 2006, at 00:12, Ion-Mihai IOnut Tetcu wrote:

>>> Number: 97313
>>> Category: ports
>>> Synopsis: [maintainer patch] Update net/vnc port to 4.1.2
>>> Severity: serious
>>> Priority: medium
>>> Responsible: freebsd-ports-bugs
>>> Description:
>> The patch below updates the net/vnc port from version 4.1.1 to
>> version 4.1.2.
>>
>> 4.1.2 addresses a serious vulnerability in RealVNC.
>
> Please tell us what this vulnerability is and if possible provide a
> vuxml entry for it as well.

http://www.securityfocus.com/bid/17978
http://www.securityfocus.com/archive/1/433994/30/0/threaded

A malicious VNC client can cause a VNC server to allow it to connect without any authentication regardless of the authentication settings configured in the server.

VuXML below. It's my first, so please check thoroughly :)

  <vuln vid="4645b98c-e46e-11da-9ae7-00123fcc6e5c">
    <topic>Authentication bypass vulnerability found in RealVNC</topic>
    <affects>
      <package>
        <name>vnc</name>
        <range><eq>4.1.1</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>RealVNC is susceptible to an authentication-bypass
          vulnerability. A malicious VNC client can cause a VNC server
          to allow it to connect without any authentication regardless
          of the authentication settings configured in the server.
          Exploiting this issue allows attackers to gain
          unauthenticated, remote access to the VNC servers.</p>
      </body>
    </description>
    <references>
      <bid>17978</bid>
      <mlist>http://www.securityfocus.com/archive/1/433994/30/0/threaded</mlist>
    </references>
    <dates>
      <discovery>2006-05-15</discovery>
      <entry>2006-05-16</entry>
    </dates>
  </vuln>

Thanks,
james

--
Times flies like an arrow.
Fruit flies like bananas.
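Added example (not part of the original thread or of the FreeBSD tooling): a small matcher showing how the <affects> block of the entry above decides which installed package versions are flagged. The version comparison is a simplified assumption (dotted numbers plus an optional _PORTREVISION), and the installed versions tried are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed input: the <vuln> entry from the message above, trimmed to the
# fields the matcher needs.
ENTRY = """<vuln vid="4645b98c-e46e-11da-9ae7-00123fcc6e5c">
  <topic>Authentication bypass vulnerability found in RealVNC</topic>
  <affects>
    <package>
      <name>vnc</name>
      <range><eq>4.1.1</eq></range>
    </package>
  </affects>
</vuln>"""

def version_key(version):
    """Simplified comparison key: dotted numbers plus optional _PORTREVISION.
    Assumption: no epoch, letters or pre-release suffixes (pkg handles those)."""
    base, _, rev = version.partition("_")
    return tuple(int(p) for p in base.split(".")), int(rev or 0)

# VuXML range bounds mapped to comparisons on version keys.
OPS = {
    "lt": lambda a, b: a < b,
    "le": lambda a, b: a <= b,
    "eq": lambda a, b: a == b,
    "ge": lambda a, b: a >= b,
    "gt": lambda a, b: a > b,
}

def affected(entry_xml, name, version):
    """Return the vid if name-version falls in any <range> of the entry, else None."""
    vuln = ET.fromstring(entry_xml)
    installed = version_key(version)
    for pkg in vuln.iter("package"):
        if name not in [n.text.strip() for n in pkg.findall("name")]:
            continue
        for rng in pkg.findall("range"):
            # Every bound inside one <range> must hold; ranges are alternatives.
            if all(OPS[b.tag](installed, version_key(b.text.strip())) for b in rng):
                return vuln.get("vid")
    return None

if __name__ == "__main__":
    # Constructed installed versions to try against the entry.
    for v in ("4.1.1", "4.1.1_1", "4.1.2"):
        print(f"vnc-{v}:", affected(ENTRY, "vnc", v) or "no match")
```

With an <eq> bound only the exact version 4.1.1 is flagged; a port revision such as 4.1.1_1 and the updated 4.1.2 both return no match.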
State Changed
From-To: feedback->open

Information requested received
State Changed
From-To: open->closed

Committed, thanks!