CVE-2020-29074Incorrect Permission Assignment in X11vnc

CWE-732Incorrect Permission AssignmentCWE-862Missing Authorization4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 28.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
X11vnc Project X11vncDebian X11vncDebian Linux+1 more
Timeline
PublishedNov 25
Latest updateMay 24

Description

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/x11vnc< x11vnc 0.9.16-5 (bookworm)
Debianx11vnc_project/x11vnc< 0.9.16-5+3

Also affects: Debian Linux 10.0, 9.0, Fedora 32, 33, 34

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-qjv2-p92g-q4wq: scan2022-05-24
OSV
CVE-2020-29074: scan2020-11-25

📋Vendor Advisories

1
Debian
CVE-2020-29074: x11vnc - scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access...2020
CVE-2020-29074 — Incorrect Permission Assignment | cvebase