Date: Thu, 13 Sep 2012 16:48:35 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: information leak in vino

This one is a bit older, not sure why it hasn't been dealt with or reported earlier, but just copying my text from our bug:

It was reported that vino transmits all clipboard activity to anything listening on port 5900, including to clients that have not authenticated. If a user were to have vino enabled (including requiring authentication), a remote user could access the port and see anything the user added to the clipboard sent over the port.

To reproduce, enable vino with password protection (i.e. execute vino-preferences). Connect to the VNC port (either locally or remotely), for instance:

    % nc -4 odvfc17 5900
    RFB 003.007
    @??zsh: command not found: zsh:@??[vdanen@...fc17]

The above two bits of output are from copying in the GNOME terminal, locally, on the system running vino.

The above was tested with Fedora 17's 3.4.2 version; the report indicates that 2.32 on Gentoo and 2.28 on Debian are also vulnerable.

References:

https://bugs.gentoo.org/show_bug.cgi?id=434930
https://bugzilla.gnome.org/show_bug.cgi?id=678434
https://bugzilla.redhat.com/show_bug.cgi?id=857250

I did a quick attempt to reproduce this with 2.13.5 but was unable to reproduce it, so somewhere between 2.13.5 and 2.28 this became a problem. I've not dug into it further to see which version introduced this. There's no response in the upstream bug either, so no patches are available that I can see.

--
Vincent Danen / Red Hat Security Response Team
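
An added example, not part of the original post: a parser that checks bytes captured from a connection like the one in the message, where the client sent nothing after connecting, for RFB ServerCutText messages (type 3, RFC 6143) following the version banner. The function names and the sample capture are constructed for illustration; any clipboard text found this way reached a client that never authenticated.

```python
import struct

RFB_BANNER_LEN = 12    # ProtocolVersion message, e.g. b"RFB 003.007\n"
SERVER_CUT_TEXT = 3    # server-to-client message type carrying clipboard text


def find_preauth_cut_text(stream: bytes) -> list:
    """Return clipboard strings in what a server sent to a silent client.

    Assumes `stream` holds only server-to-client bytes and that the client
    never replied to the banner, so nothing but the banner is expected.
    """
    if (len(stream) < RFB_BANNER_LEN or not stream.startswith(b"RFB ")
            or stream[11:12] != b"\n"):
        raise ValueError("not an RFB server stream")
    leaks = []
    pos = RFB_BANNER_LEN
    while pos + 8 <= len(stream):
        # ServerCutText header: u8 type, 3 padding bytes, u32 big-endian length
        msg_type, length = struct.unpack_from(">B3xI", stream, pos)
        if msg_type != SERVER_CUT_TEXT:
            break                      # some other message; stop parsing
        end = pos + 8 + length
        if end > len(stream):
            break                      # capture ends mid-message
        leaks.append(stream[pos + 8:end].decode("latin-1"))
        pos = end
    return leaks


def _frame(text: bytes) -> bytes:
    """Build one ServerCutText message (used only for the constructed sample)."""
    return struct.pack(">B3xI", SERVER_CUT_TEXT, len(text)) + text


# Constructed capture: banner followed by two clipboard updates.
SAMPLE_CAPTURE = (b"RFB 003.007\n"
                  + _frame(b"zsh: command not found: zsh:")
                  + _frame(b"[user@host]"))

if __name__ == "__main__":
    for text in find_preauth_cut_text(SAMPLE_CAPTURE):
        print("clipboard text sent before authentication:", repr(text))
```

A stream that contains only the banner yields an empty list, which is the expected result for a server that does not leak.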