It was reported [1] that vncviewer could prompt for, and send, authentication credentials to a remote server without first properly validating the X.509 certificate. This could allow a malicious server to obtain a client's credentials because the client does not indicate to the user that a certificate is bad or missing. A proposed patch [2] is being discussed.

[1] http://www.mail-archive.com/tigervnc-devel@lists.sourceforge.net/msg01342.html
[2] http://www.mail-archive.com/tigervnc-devel@lists.sourceforge.net/msg01347.html

Above copied from RH's bug: https://bugzilla.redhat.com/show_bug.cgi?id=702470

CVE: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1775

Took a quick look at our build and it does seem to include the X.509 support.

Advisory Text:

It was discovered that vncviewer could prompt for and send authentication credentials to a remote server without first properly validating the server's X.509 certificate. As vncviewer did not indicate that the certificate was bad or missing, a man-in-the-middle attacker could use this flaw to trick a vncviewer client into connecting to a spoofed VNC server, allowing the attacker to obtain the client's credentials.

This issue is identified at mitre.org by CVE-2011-1775.

Updated packages correct this issue.
2 months, no triage, no interest, closing
Status: NEW => RESOLVED
Resolution: (none) => OLD
Mageia 1 is not EOL yet!
Status: RESOLVED => REOPENED
CC: (none) => sander.lepik
Hardware: i586 => All
Resolution: OLD => (none)
Assignee: bugsquad => dmorganec
Keywords: (none) => Security
patching in progress
package in update_testing
Assignee: dmorganec => qa-bugs
I take back this bug; the package doesn't build.
CC: (none) => dmorganec
Assignee: qa-bugs => dmorganec
ping for this security issue.
CC: (none) => stormi
Ping?
On the mageia-discuss ml another possible issue was mentioned and Florian reacted:

On 07.12.2011 09:40, Kira wrote:
> > One of the users from Taiwan reported that he can't
> > get keyboard working with xrdp/tigervnc-server.
> > Mouse works, some keys like Enter work, but
> > a~z, 1~0 don't. Any help?
> > Should be looked at, and could be fixed together when fixing tigervnc build
CC: (none) => marja11
CC: (none) => elegant.pegasus
I just pushed a new version 1.1.0 into cauldron and mageia 1. I assign the bug to QA; if the package doesn't build (it builds OK in cauldron) then please reassign it to me.
Has vncviewer been updated? All I can see is tigervnc. Isn't this different?
tigervnc provides vncviewer, sorry for the noise. I thought it was a separate CLI utility.
Testing on i586 complete for the srpm tigervnc-1.1.0-0.1.mga1.src.rpm

I don't have a POC for testing the exploit, so just confirming the program works.

For testing, I used ssh to log in to an account that has an x session already running on the local system, then used

    x0vncserver display=:0 -SecurityTypes=None &
    vncviewer -compresslevel 9 localhost:0

to take over the x session.
CC: (none) => davidwhodgins
Someone to test on x86_64, please?
Testing complete on x86_64 using the vnc server of virt-manager/kvm

Suggested Advisory:
-------------
It was discovered that vncviewer could prompt for and send authentication credentials to a remote server without first properly validating the server's X.509 certificate. As vncviewer did not indicate that the certificate was bad or missing, a man-in-the-middle attacker could use this flaw to trick a vncviewer client into connecting to a spoofed VNC server, allowing the attacker to obtain the client's credentials.

This issue is identified at mitre.org by CVE-2011-1775.

Updated packages correct this issue.

https://bugs.mageia.org/show_bug.cgi?id=1963
-------------

SRPM: tigervnc-1.1.0-0.1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed.
Status: REOPENED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED