Date: Thu, 13 Sep 2012 18:10:55 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Vincent Danen <vdanen@...hat.com> Subject: Re: CVE request: information leak in vino -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/13/2012 04:48 PM, Vincent Danen wrote: > This one is a bit older, not sure why it hasn't been dealt with or > reported earlier, but just copying my text from our bug: > > > It was reported that vino transmits all clipboard activity to > anything listening on port 5900, including to clients that have > not authenticated. If a user were to have vino enabled (including > requiring authentication), a remote user could access the port and > see anything the user added to the clipboard sent over the port. > > To reproduce, enable vino with password protection (i.e. execute > vino-preferences). Connect to the VNC port (either locally or > remotely), for instance: > > % nc -4 odvfc17 5900 RFB 003.007 @??zsh: command not found: > zsh:@??[vdanen@...fc17] > > The above two bits of output are from copying in the GNOME > terminal, locally, on the system running vino. > > The above was tested with Fedora 17's 3.4.2 version; the report > indicates that 2.32 on Gentoo and 2.28 on Debian are also > vulnerable. > > References: > > https://bugs.gentoo.org/show_bug.cgi?id=434930 > https://bugzilla.gnome.org/show_bug.cgi?id=678434 > https://bugzilla.redhat.com/show_bug.cgi?id=857250 > > I did a quick attempt to reproduce this with 2.13.5 but was unable > to reproduce it, so somewhere between 2.13.5 and 2.28 this became > a problem. I've not dug into it further to see which version > introduced this. > > There's no response in the upstream bug either, so no patches are > available that I can see. Please use CVE-2012-4429 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQUnYPAAoJEBYNRVNeJnmTqzkQAMPQpRhb5MBRJDcwtVHTea3z tSVWw1A5Ga8NTUNNHUtM7W5sTk18H/H6eDP/WU08J79fTn3183pXJG5++fQzmXwC z0mKlJu9YySXVc2USgQwZFSs8s68JakabIms1UIPAOcJi7Q//gIzRticjG/iGSkq PxS4hheI1E72cWbmXmSCpAiMFHhkYDoXyuRNMd2Jaq4WOzdohnf+EedigGYt0/6q 0RXhlX7KZGSYfR40oKc21ElbKQzCgbDzgtIQ/KOfU/1SBCBgsya9URIPywZs7idp 5rUiziMz3yOdCO4IJNI/1keQIQ6waKGLEAdfxl9G37c2vIxUxj27TYuaBcStliUh AiCGJoIVVPlTSN7T4ChsdafGKWYZYpPyPyiFYHECZ8AHpamLJuzb/AKZD9/g3mPL G11jWeSpk3Z2M2osNgSlPc/NDSd+oxxPEJ0QhWVdCEWM56rqeTbOwKgFnuDZwobj 6unxuIigRdEdcfUXJ1QkP2RZniiFSgdBAk9fLFBFZyNwLNUHeBaM6GViFpbpCOb7 MueTzlF7K2nXQ7e1SOJpobOqsCClmcig41bmXFoKZSGbKjkoXbPtWyLveQTXbcqm rd/Lw8vvh87StbZmFD8nIKmmblal06Ebc83TejPxkH+pLWQjandzm3bhK5Ggv6i9 6oXoBUt0PVmDNKQDonfC =cHAa -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ