oss-sec mailing list archives
Re: CVE request: information leak in vino
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 13 Sep 2012 18:10:55 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/13/2012 04:48 PM, Vincent Danen wrote:
This one is a bit older, not sure why it hasn't been dealt with or reported earlier, but just copying my text from our bug: It was reported that vino transmits all clipboard activity to anything listening on port 5900, including to clients that have not authenticated. If a user were to have vino enabled (including requiring authentication), a remote user could access the port and see anything the user added to the clipboard sent over the port. To reproduce, enable vino with password protection (i.e. execute vino-preferences). Connect to the VNC port (either locally or remotely), for instance: % nc -4 odvfc17 5900 RFB 003.007 @??zsh: command not found: zsh:@??[vdanen@odvfc17] The above two bits of output are from copying in the GNOME terminal, locally, on the system running vino. The above was tested with Fedora 17's 3.4.2 version; the report indicates that 2.32 on Gentoo and 2.28 on Debian are also vulnerable. References: https://bugs.gentoo.org/show_bug.cgi?id=434930 https://bugzilla.gnome.org/show_bug.cgi?id=678434 https://bugzilla.redhat.com/show_bug.cgi?id=857250 I did a quick attempt to reproduce this with 2.13.5 but was unable to reproduce it, so somewhere between 2.13.5 and 2.28 this became a problem. I've not dug into it further to see which version introduced this. There's no response in the upstream bug either, so no patches are available that I can see.
Please use CVE-2012-4429 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQUnYPAAoJEBYNRVNeJnmTqzkQAMPQpRhb5MBRJDcwtVHTea3z tSVWw1A5Ga8NTUNNHUtM7W5sTk18H/H6eDP/WU08J79fTn3183pXJG5++fQzmXwC z0mKlJu9YySXVc2USgQwZFSs8s68JakabIms1UIPAOcJi7Q//gIzRticjG/iGSkq PxS4hheI1E72cWbmXmSCpAiMFHhkYDoXyuRNMd2Jaq4WOzdohnf+EedigGYt0/6q 0RXhlX7KZGSYfR40oKc21ElbKQzCgbDzgtIQ/KOfU/1SBCBgsya9URIPywZs7idp 5rUiziMz3yOdCO4IJNI/1keQIQ6waKGLEAdfxl9G37c2vIxUxj27TYuaBcStliUh AiCGJoIVVPlTSN7T4ChsdafGKWYZYpPyPyiFYHECZ8AHpamLJuzb/AKZD9/g3mPL G11jWeSpk3Z2M2osNgSlPc/NDSd+oxxPEJ0QhWVdCEWM56rqeTbOwKgFnuDZwobj 6unxuIigRdEdcfUXJ1QkP2RZniiFSgdBAk9fLFBFZyNwLNUHeBaM6GViFpbpCOb7 MueTzlF7K2nXQ7e1SOJpobOqsCClmcig41bmXFoKZSGbKjkoXbPtWyLveQTXbcqm rd/Lw8vvh87StbZmFD8nIKmmblal06Ebc83TejPxkH+pLWQjandzm3bhK5Ggv6i9 6oXoBUt0PVmDNKQDonfC =cHAa -----END PGP SIGNATURE-----
Current thread:
- CVE request: information leak in vino Vincent Danen (Sep 13)
- Re: CVE request: information leak in vino Kurt Seifried (Sep 13)