Date: Thu, 13 Sep 2012 16:48:35 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: information leak in vino

This one is a bit older, not sure why it hasn't been dealt with or
reported earlier, but just copying my text from our bug:


It was reported that vino transmits all clipboard activity to
anything listening on port 5900, including to clients that have not
authenticated.  If a user were to have vino enabled (including requiring
authentication), a remote user could access the port and see anything
the user added to the clipboard sent over the port.

To reproduce, enable vino with password protection (i.e. execute
vino-preferences).  Connect to the VNC port (either locally or
remotely), for instance:

% nc -4 odvfc17 5900
RFB 003.007
@??zsh: command not found: zsh:@...vdanen@...fc17]

The above two bits of output are from copying in the GNOME terminal,
locally, on the system running vino.

The above was tested with Fedora 17's 3.4.2 version; the report
indicates that 2.32 on Gentoo and 2.28 on Debian are also vulnerable.

References:

https://bugs.gentoo.org/show_bug.cgi?id=434930
https://bugzilla.gnome.org/show_bug.cgi?id=678434
https://bugzilla.redhat.com/show_bug.cgi?id=857250

I did a quick attempt to reproduce this with 2.13.5 but was unable to
reproduce it, so somewhere between 2.13.5 and 2.28 this became a
problem.  I've not dug into it further to see which version introduced
this.

There's no response in the upstream bug either, so no patches are
available that I can see.

-- 
Vincent Danen / Red Hat Security Response Team 
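
An added example, not part of the original message or of vino: a check over captured server-to-client bytes from a connection where the client sent nothing, as in the nc session above. An RFB server should send only its 12-byte ProtocolVersion banner and then wait for the client, so anything after the banner is unexpected. Treating the extra bytes as ServerCutText frames (RFC 6143) is an assumption, and the sample captures are constructed.

```python
import struct

BANNER_LEN = 12      # "RFB xxx.yyy\n" ProtocolVersion message
SERVER_CUT_TEXT = 3  # server-to-client message type (RFC 6143, 7.6.4)


def check_preauth_stream(server_bytes):
    """Inspect bytes a VNC server sent while the client sent nothing.

    Returns (banner, unexpected_len, clipboard_texts). unexpected_len > 0
    means the server sent data before any handshake or authentication.
    """
    banner = server_bytes[:BANNER_LEN]
    if (len(banner) != BANNER_LEN or not banner.startswith(b"RFB ")
            or not banner.endswith(b"\n")):
        raise ValueError("stream does not start with an RFB banner")
    extra = server_bytes[BANNER_LEN:]
    texts, pos = [], 0
    # Frame layout: type (1), padding (3), length (u32 big-endian), text.
    while len(extra) - pos >= 8 and extra[pos] == SERVER_CUT_TEXT:
        (length,) = struct.unpack_from(">I", extra, pos + 4)
        body = extra[pos + 8:pos + 8 + length]
        if len(body) < length:  # truncated capture: keep what parsed so far
            break
        texts.append(body.decode("latin-1"))
        pos += 8 + length
    return banner.decode("latin-1").strip(), len(extra), texts


def cut_text(text):
    """Build one ServerCutText frame (used only for the constructed samples)."""
    return struct.pack(">B3xI", SERVER_CUT_TEXT, len(text)) + text


# Constructed captures: a server that stays quiet after the banner, and one
# that pushes two clipboard updates to a client that never authenticated.
CLEAN = b"RFB 003.007\n"
LEAKY = CLEAN + cut_text(b"zsh: command not found") + cut_text(b"constructed-secret")

if __name__ == "__main__":
    for name, capture in (("clean", CLEAN), ("leaky", LEAKY)):
        banner, extra_len, texts = check_preauth_stream(capture)
        verdict = "LEAK" if extra_len else "ok"
        print(f"{name}: {banner} extra={extra_len} {verdict} {texts}")
```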
