oss-sec mailing list archives
CVE request: information leak in vino
From: Vincent Danen <vdanen () redhat com>
Date: Thu, 13 Sep 2012 16:48:35 -0600
This one is a bit older, not sure why it hasn't been dealt with or reported earlier, but just copying my text from our bug:

It was reported that vino transmits all clipboard activity to anything listening on port 5900, including to clients that have not authenticated. If a user were to have vino enabled (including requiring authentication), a remote user could access the port and see anything the user added to the clipboard sent over the port.

To reproduce, enable vino with password protection (i.e. execute vino-preferences). Connect to the VNC port (either locally or remotely), for instance:

    % nc -4 odvfc17 5900
    RFB 003.007
    @??zsh: command not found: zsh:@??[vdanen@odvfc17]

The above two bits of output are from copying in the GNOME terminal, locally, on the system running vino.

The above was tested with Fedora 17's 3.4.2 version; the report indicates that 2.32 on Gentoo and 2.28 on Debian are also vulnerable.

References:

https://bugs.gentoo.org/show_bug.cgi?id=434930
https://bugzilla.gnome.org/show_bug.cgi?id=678434
https://bugzilla.redhat.com/show_bug.cgi?id=857250

I did a quick attempt to reproduce this with 2.13.5 but was unable to reproduce it, so somewhere between 2.13.5 and 2.28 this became a problem. I've not dug into it further to see which version introduced this. There's no response in the upstream bug either, so no patches are available that I can see.

--
Vincent Danen / Red Hat Security Response Team
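A defender's check for the behaviour reported above, as an added example that is not part of the original post: it inspects bytes captured from a VNC server by a client that never replied to the handshake and flags anything sent beyond the 12-byte ProtocolVersion. It assumes the disclosed clipboard data is framed as standard RFB ServerCutText messages, which the report does not state; the function names and the sample capture are constructed for illustration.

```python
import re
import struct

VERSION_RE = re.compile(rb"RFB (\d{3})\.(\d{3})\n")
SERVER_CUT_TEXT = 3  # RFB server-to-client message type for clipboard text


def preauth_findings(stream: bytes) -> dict:
    """Inspect bytes a VNC server sent to a client that never replied.

    A conforming server sends only the 12-byte ProtocolVersion and then
    waits, so anything after it was disclosed before authentication.
    """
    m = VERSION_RE.match(stream[:12])
    if m is None:
        raise ValueError("stream does not start with an RFB ProtocolVersion")
    result = {"version": f"{int(m.group(1))}.{int(m.group(2))}",
              "leak": len(stream) > 12, "clipboard": []}
    pos = 12
    while pos < len(stream):
        # ServerCutText: type(1) + padding(3) + length(4, big-endian) + text
        if stream[pos] != SERVER_CUT_TEXT or len(stream) - pos < 8:
            break  # assumption about the framing does not hold here
        (length,) = struct.unpack_from(">I", stream, pos + 4)
        end = pos + 8 + length
        if end > len(stream):
            break  # truncated capture: keep the remainder raw
        result["clipboard"].append(stream[pos + 8:end].decode("latin-1"))
        pos = end
    result["unparsed"] = stream[pos:]
    return result


def cut_text(text: str) -> bytes:
    """Build a ServerCutText message (used only for the constructed sample)."""
    data = text.encode("latin-1")
    return struct.pack(">B3xI", SERVER_CUT_TEXT, len(data)) + data


# Constructed sample capture, reusing the two strings shown in the report.
SAMPLE = (b"RFB 003.007\n" + cut_text("zsh: command not found: zsh:")
          + cut_text("[vdanen@odvfc17]"))

if __name__ == "__main__":
    print(preauth_findings(SAMPLE))
```

A capture that contains only the version banner yields `leak: False`; any non-empty `unparsed` remainder means the bytes did not match the assumed framing and should be reviewed by hand.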