Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 13 Sep 2012 18:10:55 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: information leak in vino

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/13/2012 04:48 PM, Vincent Danen wrote:
> This one is a bit older, not sure why it hasn't been dealt with or 
> reported earlier, but just copying my text from our bug:
> 
> 
> It was reported that vino transmits all clipboard activity to 
> anything listening on port 5900, including to clients that have
> not authenticated.  If a user were to have vino enabled (including
> requiring authentication), a remote user could access the port and
> see anything the user added to the clipboard sent over the port.
> 
> To reproduce, enable vino with password protection (i.e. execute 
> vino-preferences).  Connect to the VNC port (either locally or 
> remotely), for instance:
> 
> % nc -4 odvfc17 5900 RFB 003.007 @??zsh: command not found:
> zsh:@??[vdanen@...fc17]
> 
> The above two bits of output are from copying in the GNOME
> terminal, locally, on the system running vino.
> 
> The above was tested with Fedora 17's 3.4.2 version; the report 
> indicates that 2.32 on Gentoo and 2.28 on Debian are also
> vulnerable.
> 
> References:
> 
> https://bugs.gentoo.org/show_bug.cgi?id=434930 
> https://bugzilla.gnome.org/show_bug.cgi?id=678434 
> https://bugzilla.redhat.com/show_bug.cgi?id=857250
> 
> I did a quick attempt to reproduce this with 2.13.5 but was unable
> to reproduce it, so somewhere between 2.13.5 and 2.28 this became
> a problem.  I've not dug into it further to see which version
> introduced this.
> 
> There's no response in the upstream bug either, so no patches are 
> available that I can see.

Please use CVE-2012-4429  for this issue.
- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQUnYPAAoJEBYNRVNeJnmTqzkQAMPQpRhb5MBRJDcwtVHTea3z
tSVWw1A5Ga8NTUNNHUtM7W5sTk18H/H6eDP/WU08J79fTn3183pXJG5++fQzmXwC
z0mKlJu9YySXVc2USgQwZFSs8s68JakabIms1UIPAOcJi7Q//gIzRticjG/iGSkq
PxS4hheI1E72cWbmXmSCpAiMFHhkYDoXyuRNMd2Jaq4WOzdohnf+EedigGYt0/6q
0RXhlX7KZGSYfR40oKc21ElbKQzCgbDzgtIQ/KOfU/1SBCBgsya9URIPywZs7idp
5rUiziMz3yOdCO4IJNI/1keQIQ6waKGLEAdfxl9G37c2vIxUxj27TYuaBcStliUh
AiCGJoIVVPlTSN7T4ChsdafGKWYZYpPyPyiFYHECZ8AHpamLJuzb/AKZD9/g3mPL
G11jWeSpk3Z2M2osNgSlPc/NDSd+oxxPEJ0QhWVdCEWM56rqeTbOwKgFnuDZwobj
6unxuIigRdEdcfUXJ1QkP2RZniiFSgdBAk9fLFBFZyNwLNUHeBaM6GViFpbpCOb7
MueTzlF7K2nXQ7e1SOJpobOqsCClmcig41bmXFoKZSGbKjkoXbPtWyLveQTXbcqm
rd/Lw8vvh87StbZmFD8nIKmmblal06Ebc83TejPxkH+pLWQjandzm3bhK5Ggv6i9
6oXoBUt0PVmDNKQDonfC
=cHAa
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.