Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200608-05 (libvncserver)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57855

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200608-05 (libvncserver)

Resumen: The remote host is missing updates announced in;advisory GLSA 200608-05.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200608-05.

Vulnerability Insight:
VNC servers created with LibVNCServer accept insecure protocol types, even
when the server does not offer it, resulting in unauthorized access to the
server.

Solution:
All LibVNCServer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-libs/libvncserver-0.8.2'

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-2450
18977
http://www.securityfocus.com/bid/18977
20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code
http://www.securityfocus.com/archive/1/442986/100/0/threaded
20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication
http://seclists.org/fulldisclosure/2022/May/29
20940
http://secunia.com/advisories/20940
21179
http://secunia.com/advisories/21179
21349
http://secunia.com/advisories/21349
21393
http://secunia.com/advisories/21393
21405
http://secunia.com/advisories/21405
24525
http://secunia.com/advisories/24525
ADV-2006-2797
http://www.vupen.com/english/advisories/2006/2797
GLSA-200608-05
http://security.gentoo.org/glsa/glsa-200608-05.xml
GLSA-200608-12
http://security.gentoo.org/glsa/glsa-200608-12.xml
GLSA-200703-19
http://security.gentoo.org/glsa/glsa-200703-19.xml
SUSE-SA:2006:042
http://www.novell.com/linux/security/advisories/2006_42_kernel.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824
http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u
http://sourceforge.net/project/shownotes.php?release_id=431724&group_id=32584

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57855
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200608-05 (libvncserver)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200608-05.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200608-05. Vulnerability Insight: VNC servers created with LibVNCServer accept insecure protocol types, even when the server does not offer it, resulting in unauthorized access to the server. Solution: All LibVNCServer users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-libs/libvncserver-0.8.2' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2450 18977 http://www.securityfocus.com/bid/18977 20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code http://www.securityfocus.com/archive/1/442986/100/0/threaded 20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication http://seclists.org/fulldisclosure/2022/May/29 20940 http://secunia.com/advisories/20940 21179 http://secunia.com/advisories/21179 21349 http://secunia.com/advisories/21349 21393 http://secunia.com/advisories/21393 21405 http://secunia.com/advisories/21405 24525 http://secunia.com/advisories/24525 ADV-2006-2797 http://www.vupen.com/english/advisories/2006/2797 GLSA-200608-05 http://security.gentoo.org/glsa/glsa-200608-05.xml GLSA-200608-12 http://security.gentoo.org/glsa/glsa-200608-12.xml GLSA-200703-19 http://security.gentoo.org/glsa/glsa-200703-19.xml SUSE-SA:2006:042 http://www.novell.com/linux/security/advisories/2006_42_kernel.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824 http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u http://sourceforge.net/project/shownotes.php?release_id=431724&group_id=32584
Copyright	Copyright (C) 2008 E-Soft Inc.