Bug 97313 - [maintainer patch] Update net/vnc port to 4.1.2
Summary: [maintainer patch] Update net/vnc port to 4.1.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-05-15 19:30 UTC by james
Modified: 2006-05-18 17:12 UTC (History)
0 users

See Also:


Attachments
vnc-4.1.2.patch (1.66 KB, patch)
2006-05-15 19:30 UTC, james
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description james 2006-05-15 19:30:19 UTC
	The patch below updates the net/vnc port from version 4.1.1 to
	version 4.1.2.

	4.1.2 addresses a serious vulnerability in RealVNC.

Fix: The patch below updates the Makefile and distinfo for RealVNC
	version 4.1.2

	Thanks!
	james
How-To-Repeat: 	N/A
Comment 1 Ion-Mihai "IOnut" Tetcu freebsd_committer freebsd_triage 2006-05-16 00:12:41 UTC
On 15 May 2006 18:24:31 -0000
James Raftery <james@now.ie> wrote:

> 
> >Number:         97313
> >Category:       ports
> >Synopsis:       [maintainer patch] Update net/vnc port to 4.1.2
> >Severity:       serious
> >Priority:       medium
> >Responsible:    freebsd-ports-bugs
> >Description:
> 	The patch below updates the net/vnc port from version 4.1.1 to
> 	version 4.1.2.
> 
> 	4.1.2 addresses a serious vulnerability in RealVNC.


Please tell us what this vulnerability is and if possible provide a
vuxml entry for it as well.


-- 
IOnut - Un^d^dregistered ;) FreeBSD "user"
  "Intellectual Property" is   nowhere near as valuable   as "Intellect"

BOFH excuse #299:
The data on your hard drive is out of balance

Comment 2 Ion-Mihai "IOnut" Tetcu freebsd_committer freebsd_triage 2006-05-16 00:13:01 UTC
State Changed
From-To: open->feedback

Ask maintainer for details.
Comment 3 james 2006-05-16 01:06:37 UTC
Hi,

On 16 May 2006, at 00:12, Ion-Mihai IOnut Tetcu wrote:
>>> Number:         97313
>>> Category:       ports
>>> Synopsis:       [maintainer patch] Update net/vnc port to 4.1.2
>>> Severity:       serious
>>> Priority:       medium
>>> Responsible:    freebsd-ports-bugs
>>> Description:
>> 	The patch below updates the net/vnc port from version 4.1.1 to
>> 	version 4.1.2.
>>
>> 	4.1.2 addresses a serious vulnerability in RealVNC.
>
> Please tell us what this vulnerability is and if possible provide a
> vuxml entry for it as well.

http://www.securityfocus.com/bid/17978
http://www.securityfocus.com/archive/1/433994/30/0/threaded

A malicious VNC client can cause a VNC server to allow it to connect  
without any authentication regardless of the authentication settings  
configured in the server.

VuXML below. It's my first, so please check thoroughly :)

<vuln vid="4645b98c-e46e-11da-9ae7-00123fcc6e5c">
   <topic>Authentication bypass vulnerability found in RealVNC</topic>
   <affects>
     <package>
       <name>vnc</name>
       <range><eq>4.1.1</eq></range>
     </package>
   </affects>
   <description>
     <body xmlns="http://www.w3.org/1999/xhtml">
       <p>RealVNC is susceptible to an authentication-bypass  
vulnerability.
       A malicious VNC client can cause a VNC server to allow it to
       connect without any authentication regardless of the  
authentication
       settings configured in the server. Exploiting this issue allows
       attackers to gain unauthenticated, remote access to the VNC  
servers.</p>
     </body>
   </description>
   <references>
     <bid>17978</bid>
     <mlist>http://www.securityfocus.com/archive/1/433994/30/0/ 
threaded</mlist>
   </references>
   <dates>
     <discovery>2006-05-15</discovery>
     <entry>2006-05-16</entry>
   </dates>
</vuln>


Thanks,
james
-- 
Times flies like an arrow. Fruit flies like bananas.
Comment 4 Ion-Mihai "IOnut" Tetcu freebsd_committer freebsd_triage 2006-05-16 01:12:36 UTC
State Changed
From-To: feedback->open

Information requested received
Comment 5 Pav Lucistnik freebsd_committer freebsd_triage 2006-05-18 17:12:20 UTC
State Changed
From-To: open->closed

Committed, thanks!