Date: Thu, 13 Sep 2012 18:10:55 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Vincent Danen <vdanen@...hat.com> Subject: Re: CVE request: information leak in vino -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/13/2012 04:48 PM, Vincent Danen wrote: > This one is a bit older, not sure why it hasn't been dealt with or > reported earlier, but just copying my text from our bug: > > > It was reported that vino transmits all clipboard activity to > anything listening on port 5900, including to clients that have > not authenticated. If a user were to have vino enabled (including > requiring authentication), a remote user could access the port and > see anything the user added to the clipboard sent over the port. > > To reproduce, enable vino with password protection (i.e. execute > vino-preferences). Connect to the VNC port (either locally or > remotely), for instance: > > % nc -4 odvfc17 5900 RFB 003.007 @??zsh: command not found: > zsh:@??[vdanen@...fc17] > > The above two bits of output are from copying in the GNOME > terminal, locally, on the system running vino. > > The above was tested with Fedora 17's 3.4.2 version; the report > indicates that 2.32 on Gentoo and 2.28 on Debian are also > vulnerable. > > References: > > https://bugs.gentoo.org/show_bug.cgi?id=434930 > https://bugzilla.gnome.org/show_bug.cgi?id=678434 > https://bugzilla.redhat.com/show_bug.cgi?id=857250 > > I did a quick attempt to reproduce this with 2.13.5 but was unable > to reproduce it, so somewhere between 2.13.5 and 2.28 this became > a problem. I've not dug into it further to see which version > introduced this. > > There's no response in the upstream bug either, so no patches are > available that I can see. Please use CVE-2012-4429 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQUnYPAAoJEBYNRVNeJnmTqzkQAMPQpRhb5MBRJDcwtVHTea3z tSVWw1A5Ga8NTUNNHUtM7W5sTk18H/H6eDP/WU08J79fTn3183pXJG5++fQzmXwC z0mKlJu9YySXVc2USgQwZFSs8s68JakabIms1UIPAOcJi7Q//gIzRticjG/iGSkq PxS4hheI1E72cWbmXmSCpAiMFHhkYDoXyuRNMd2Jaq4WOzdohnf+EedigGYt0/6q 0RXhlX7KZGSYfR40oKc21ElbKQzCgbDzgtIQ/KOfU/1SBCBgsya9URIPywZs7idp 5rUiziMz3yOdCO4IJNI/1keQIQ6waKGLEAdfxl9G37c2vIxUxj27TYuaBcStliUh AiCGJoIVVPlTSN7T4ChsdafGKWYZYpPyPyiFYHECZ8AHpamLJuzb/AKZD9/g3mPL G11jWeSpk3Z2M2osNgSlPc/NDSd+oxxPEJ0QhWVdCEWM56rqeTbOwKgFnuDZwobj 6unxuIigRdEdcfUXJ1QkP2RZniiFSgdBAk9fLFBFZyNwLNUHeBaM6GViFpbpCOb7 MueTzlF7K2nXQ7e1SOJpobOqsCClmcig41bmXFoKZSGbKjkoXbPtWyLveQTXbcqm rd/Lw8vvh87StbZmFD8nIKmmblal06Ebc83TejPxkH+pLWQjandzm3bhK5Ggv6i9 6oXoBUt0PVmDNKQDonfC =cHAa -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.