libvncserver: authentication bypass [CVE-2006-2450]


Debian Bug report logs - #376824

Reported by: Martin Pitt <mpitt@debian.org>

Date: Wed, 5 Jul 2006 10:33:17 UTC

Severity: grave

Tags: security

Found in version libvncserver/0.7.1-5

Fixed in version libvncserver/0.8.2-1

Done: Ludovic Drolez <ldrolez@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Ludovic Drolez <ldrolez@debian.org>:
Bug#376824; Package libvncserver.


Acknowledgement sent to Martin Pitt <mpitt@debian.org>:
New Bug report received and forwarded. Copy sent to Ludovic Drolez <ldrolez@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Martin Pitt <mpitt@debian.org>
To: Debian BTS Submit <submit@bugs.debian.org>
Subject: libvncserver: authentication bypass [CVE-2006-2450]
Date: Wed, 5 Jul 2006 12:15:44 +0200
Package: libvncserver
Version: 0.7.1-5
Severity: grave
Tags: security patch

Ludwig Nussel <ludwig.nussel@suse.de> discovered that libvncserver has
the same authentication bypass as realvnc (in CVE-2006-2369), although
it's completely different code. 

This has been fixed by upstream:

 http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u

Please see the original realvnc CVE for more information:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2369

For libvncserver, this has been assigned CVE-2006-2450. Please
mention this number in the changelog when you fix this.

Please also coordinate with security@debian.org for a stable-security
update.

Thank you!

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Drolez <ldrolez@debian.org>:
Bug#376824; Package libvncserver.


Acknowledgement sent to "Steinar H. Gunderson" <sgunderson@bigfoot.com>:
Extra info received and forwarded to list. Copy sent to Ludovic Drolez <ldrolez@debian.org>.


Message #10 received at 376824@bugs.debian.org:

From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
To: Martin Pitt <mpitt@debian.org>
Cc: 376824@bugs.debian.org, control@bugs.debian.org, security@debian.org
Subject: Re: libvncserver: authentication bypass [CVE-2006-2450]
Date: Fri, 14 Jul 2006 20:10:55 +0200
tags 376824 - patch
thanks

On Wed, Jul 05, 2006 at 12:15:44PM +0200, Martin Pitt wrote:
> Ludwig Nussel <ludwig.nussel@suse.de> discovered that libvncserver has
> the same authentication bypass as realvnc (in CVE-2006-2369), although
> it's completely different code. 
> 
> This has been fixed by upstream:
> 
>  http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u

Unfortunately, this patch does not even remotely apply to the version in
unstable; the version in unstable seems to be on revision 1.3 or earlier from
CVS, while the patch is against 1.11 (and _lots_ of changes applied between
then). I'm not even sure if the version in unstable is affected, but I
haven't done anything to check; in any case, I'm unsetting the patch tag.

/* Steinar */
-- 
Homepage: http://www.sesse.net/



Tags removed: patch. Request was from "Steinar H. Gunderson" <sgunderson@bigfoot.com> to control@bugs.debian.org.


Reply sent to Ludovic Drolez <ldrolez@debian.org>:
You have taken responsibility.


Notification sent to Martin Pitt <mpitt@debian.org>:
Bug acknowledged by developer.


Message #17 received at 376824-close@bugs.debian.org:

From: Ludovic Drolez <ldrolez@debian.org>
To: 376824-close@bugs.debian.org
Subject: Bug#376824: fixed in libvncserver 0.8.2-1
Date: Mon, 17 Jul 2006 14:18:21 -0700
Source: libvncserver
Source-Version: 0.8.2-1

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive:

libvncserver-dev_0.8.2-1_i386.deb
  to pool/main/libv/libvncserver/libvncserver-dev_0.8.2-1_i386.deb
libvncserver_0.8.2-1.diff.gz
  to pool/main/libv/libvncserver/libvncserver_0.8.2-1.diff.gz
libvncserver_0.8.2-1.dsc
  to pool/main/libv/libvncserver/libvncserver_0.8.2-1.dsc
libvncserver_0.8.2.orig.tar.gz
  to pool/main/libv/libvncserver/libvncserver_0.8.2.orig.tar.gz
linuxvnc_0.8.2-1_i386.deb
  to pool/main/libv/libvncserver/linuxvnc_0.8.2-1_i386.deb
vncommand_0.8.2-1_i386.deb
  to pool/main/libv/libvncserver/vncommand_0.8.2-1_i386.deb
x11vnc_0.8.2-1_i386.deb
  to pool/main/libv/libvncserver/x11vnc_0.8.2-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 376824@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ludovic Drolez <ldrolez@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Mon, 17 Jul 2006 20:43:38 +0200
Source: libvncserver
Binary: vncommand linuxvnc libvncserver-dev x11vnc
Architecture: source i386
Version: 0.8.2-1
Distribution: unstable
Urgency: high
Maintainer: Ludovic Drolez <ldrolez@debian.org>
Changed-By: Ludovic Drolez <ldrolez@debian.org>
Description: 
 libvncserver-dev - easy API to write one's own VNC server
 linuxvnc   - VNC server to monitor a tty
 vncommand  - VNC server which monitors a specified program
 x11vnc     - VNC server which uses your current X11 session
Closes: 373808 376824
Changes: 
 libvncserver (0.8.2-1) unstable; urgency=high
 .
   * New upstream release. Closes: #373808
   * This new release fixes a security bug which might be present in the
     previous release of the package. Closes: #376824
   * urgency=high because a probable security bug was fixed.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 22:46:38 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:57:44 2019; Machine Name: buxtehude
