ID CVE-2006-2450
Summary auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
References
Vulnerable Configurations
  • cpe:2.3:a:libvncserver:libvncserver:0.7.1
    cpe:2.3:a:libvncserver:libvncserver:0.7.1
CVSS
Base: 7.5 (as of 18-07-2006 - 18:34)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200703-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-200703-19 (LTSP: Authentication bypass in included LibVNCServer code) The LTSP server includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as 'Type 1 - None' (GLSA-200608-05). The LTSP VNC server will accept this security type, even if it is not offered by the server. Impact : An attacker could exploit this vulnerability to gain unauthorized access with the privileges of the user running the VNC server. Workaround : There is no known workaround at this time.
    last seen 2018-01-13
    modified 2018-01-12
    plugin id 24868
    published 2007-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24868
    title GLSA-200703-19 : LTSP: Authentication bypass in included LibVNCServer code
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200608-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200608-05 (LibVNCServer: Authentication bypass) LibVNCServer fails to properly validate protocol types effectively letting users decide what protocol to use, such as 'Type 1 - None'. LibVNCServer will accept this security type, even if it is not offered by the server. Impact : An attacker could use this vulnerability to gain unauthorized access with the privileges of the user running the VNC server. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2015-04-13
    plugin id 22147
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22147
    title GLSA-200608-05 : LibVNCServer: Authentication bypass
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBVNCSERVER-1667.NASL
    description Modified clients could bypass authentication of password protected VNC servers (CVE-2006-2450).
    last seen 2017-10-29
    modified 2014-06-13
    plugin id 27111
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27111
    title openSUSE 10 Security Update : LibVNCServer (LibVNCServer-1667)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200608-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-200608-12 (x11vnc: Authentication bypass in included LibVNCServer code) x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as 'Type 1 - None' (GLSA-200608-05). x11vnc will accept this security type, even if it is not offered by the server. Impact : An attacker could exploit this vulnerability to gain unauthorized access with the privileges of the user running the VNC server. Workaround : There is no known workaround at this time.
    last seen 2018-01-13
    modified 2018-01-12
    plugin id 22171
    published 2006-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22171
    title GLSA-200608-12 : x11vnc: Authentication bypass in included LibVNCServer code
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XEN-1841.NASL
    description Modified clients could bypass authentication of password protected VNC servers (CVE-2006-2450).
    last seen 2017-10-29
    modified 2014-06-13
    plugin id 27481
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27481
    title openSUSE 10 Security Update : xen (xen-1841)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_9DDA3FF12B0211DBA6E2000E0C2E438A.NASL
    description Ludwig Nussel reports that x11vnc is vulnerable to an authentication bypass vulnerability. The vulnerability is caused by an error in auth.c. This could allow a remote attacker to gain unauthorized and unauthenticated access to the system.
    last seen 2017-10-29
    modified 2013-06-22
    plugin id 22212
    published 2006-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22212
    title FreeBSD : x11vnc -- authentication bypass vulnerability (9dda3ff1-2b02-11db-a6e2-000e0c2e438a)
  • NASL family Misc.
    NASL id REALVNC_AUTH_BYPASS.NASL
    description The version of VNC server running on the remote host is affected by the following vulnerabilities : - A flaw exists in RealVNC due to an error when handling password authentication. A remote attacker can exploit this to bypass authentication by using a specially crafted request in which the client specifies an insecure security type (e.g., 'Type 1 - None'), which is accepted even if not offered by the server. (CVE-2006-2369) - A flaw exists in LibVNCServer within file auth.c due to an error when handling password authentication. A remote attacker can exploit this to bypass authentication by using a specially crafted request in which the client specifies an insecure security type (e.g., 'Type 1 - None'), which is accepted even if not offered by the server. (CVE-2006-2450)
    last seen 2017-10-29
    modified 2017-04-20
    plugin id 21564
    published 2006-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21564
    title VNC Security Type Enforcement Failure Remote Authentication Bypass
refmap via4
bid 18977
bugtraq 20060811 Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code
confirm
gentoo
  • GLSA-200608-05
  • GLSA-200608-12
  • GLSA-200703-19
misc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824
secunia
  • 20940
  • 21179
  • 21349
  • 21393
  • 21405
  • 24525
suse SUSE-SA:2006:042
vupen ADV-2006-2797
statements via4
contributor Mark J Cox
lastmodified 2006-08-24
organization Red Hat
statement Not vulnerable. This issue does not affect the versions of LibVNCServer as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 11-11-2014 - 11:17
Published 18-07-2006 - 11:40
Back to Top