|
Sun Linux update for VNC
|
|
Secunia Advisory:
|
SA9557
|
|
|
Release Date:
|
2003-08-19
|
|
Popularity:
|
6,611 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Sun Linux 5.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Sun has issued updated packages for VNC. These fix two older vulnerabilities, which potentially can allow malicious people to gain access to the VNC server.
1) A vulnerability has been identified in the challenge response model used by VNC, since the challenge supplied by the server is based on time and only changes once every second. This allows malicious people, who can sniff the traffic, to replay the session within the same second thus gaining access to the VNC server.
2) When acting as an XServer, VNC generates insecure cookies used for authentication. The problem is that these cookies are not generated randomly enough, enabling a malicious person to guess it and thus gain access to the VNC server.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
