Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200608-05] LibVNCServer: Authentication bypass Vulnerability Scan
Vulnerability Scan Summary
LibVNCServer: Authentication bypass
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200608-05
(LibVNCServer: Authentication bypass)
LibVNCServer fails to properly validate protocol types effectively
letting users decide what protocol to use, such as "Type 1 - None".
LibVNCServer will accept this security type, even if it is not offered
by the server.
A possible hacker could use this vulnerability to gain unauthorized access
with the rights of the user running the VNC server.
There is no known workaround at this time.
All LibVNCServer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.8.2"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.