CVE-2006-2450 — Libvncserver vulnerability

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

3.2%

top 12.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libvncserver Project Libvncserver Debian Libvncserver Libvncserver

Timeline

PublishedJul 18

Latest updateMay 1

Description

auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/libvncserver< libvncserver 0.8.2-1 (bookworm)

▶Debianlibvncserver_project/libvncserver< 0.8.2-1+3

▶NVDlibvncserver/libvncserver0.7.1

Patches

Patch: bugs.debian.org ↗Patch: libvncserver.cvs.sourceforge.net ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-ghjj-rq7v-wjhm: auth↗2022-05-01

▶

OSV

CVE-2006-2450: auth↗2006-07-18

▶

📋Vendor Advisories

Debian

CVE-2006-2450: libvncserver - auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication vi...↗2006

▶

Red Hat

CVE-2006-2450: auth↗

▶