Date:      Tue, 16 May 2006 00:10:22 GMT
From:      James Raftery <james@now.ie>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: ports/97313: [maintainer patch] Update net/vnc port to 4.1.2
Message-ID:  <200605160010.k4G0AMrF030631@freefall.freebsd.org>

The following reply was made to PR ports/97313; it has been noted by GNATS.

From: James Raftery <james@now.ie>
To: Ion-Mihai IOnut Tetcu <itetcu@FreeBSD.org>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: ports/97313: [maintainer patch] Update net/vnc port to 4.1.2
Date: Tue, 16 May 2006 01:06:37 +0100

 Hi,
 
 On 16 May 2006, at 00:12, Ion-Mihai IOnut Tetcu wrote:
 >>> Number:         97313
 >>> Category:       ports
 >>> Synopsis:       [maintainer patch] Update net/vnc port to 4.1.2
 >>> Severity:       serious
 >>> Priority:       medium
 >>> Responsible:    freebsd-ports-bugs
 >>> Description:
 >> 	The patch below updates the net/vnc port from version 4.1.1 to
 >> 	version 4.1.2.
 >>
 >> 	4.1.2 addresses a serious vulnerability in RealVNC.
 >
 > Please tell us what this vulnerability is and if possible provide a
 > vuxml entry for it as well.
 
 http://www.securityfocus.com/bid/17978
 http://www.securityfocus.com/archive/1/433994/30/0/threaded
 
 A malicious VNC client can cause a VNC server to allow it to connect  
 without any authentication regardless of the authentication settings  
 configured in the server.
 
 VuXML below. It's my first, so please check thoroughly :)
 
 <vuln vid="4645b98c-e46e-11da-9ae7-00123fcc6e5c">
    <topic>Authentication bypass vulnerability found in RealVNC</topic>
    <affects>
      <package>
        <name>vnc</name>
        <range><eq>4.1.1</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>RealVNC is susceptible to an authentication-bypass vulnerability.
        A malicious VNC client can cause a VNC server to allow it to
        connect without any authentication regardless of the authentication
        settings configured in the server. Exploiting this issue allows
        attackers to gain unauthenticated, remote access to the VNC servers.</p>
      </body>
    </description>
    <references>
      <bid>17978</bid>
      <mlist>http://www.securityfocus.com/archive/1/433994/30/0/threaded</mlist>
    </references>
    <dates>
      <discovery>2006-05-15</discovery>
      <entry>2006-05-16</entry>
    </dates>
 </vuln>
 
 
 Thanks,
 james
 -- 
 Times flies like an arrow. Fruit flies like bananas.
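Added example, not part of the message above and not the FreeBSD project's own tooling: a small checker that reads a VuXML `<vuln>` entry and reports whether an installed package version falls inside one of its `<range>` elements, run here against an abridged copy of the entry from the message. The function names (`vkey`, `compare`, `affected`) are hypothetical, and version comparison is simplified to plain dotted numbers (no PORTREVISION or PORTEPOCH handling).

```python
import xml.etree.ElementTree as ET

# Abridged copy of the entry from the message (description and mlist omitted).
ENTRY = """<vuln vid="4645b98c-e46e-11da-9ae7-00123fcc6e5c">
  <topic>Authentication bypass vulnerability found in RealVNC</topic>
  <affects>
    <package>
      <name>vnc</name>
      <range><eq>4.1.1</eq></range>
    </package>
  </affects>
  <references><bid>17978</bid></references>
</vuln>"""

# VuXML range operators, each as a predicate on cmp(installed, bound).
OPS = {"lt": lambda c: c < 0, "le": lambda c: c <= 0, "eq": lambda c: c == 0,
       "ge": lambda c: c >= 0, "gt": lambda c: c > 0}

def vkey(version):
    # Assumption: plain dotted numeric versions only.
    return tuple(int(part) for part in version.split("."))

def compare(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b."""
    ka, kb = vkey(a), vkey(b)
    return (ka > kb) - (ka < kb)

def affected(entry_xml, name, installed):
    """Return the entry's vid if (name, installed) matches a <range>, else None."""
    vuln = ET.fromstring(entry_xml)
    for pkg in vuln.findall("affects/package"):
        names = [n.text.strip() for n in pkg.findall("name")]
        if name not in names:
            continue
        for rng in pkg.findall("range"):
            bounds = list(rng)
            # Every bound inside one <range> must hold; separate ranges are alternatives.
            if bounds and all(OPS[b.tag](compare(installed, b.text.strip()))
                              for b in bounds):
                return vuln.get("vid")
    return None

if __name__ == "__main__":
    # Show which installed versions this entry, as written, would flag.
    for v in ("4.1.0", "4.1.1", "4.1.2"):
        print(v, affected(ENTRY, "vnc", v))
```

With the `<eq>4.1.1</eq>` range as submitted, only an installed version of exactly 4.1.1 is reported.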
 
 


