What Are You Looking For?

Sign Up

- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-15
- ---------------------------------------------------------------------

          PACKAGE : tightvnc
          SUMMARY : insecure cookie generation
             DATE : 2003-02-24 11:34 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <1.2.8
    FIXED VERSION : 1.2.8

- ---------------------------------------------------------------------

From Red Hat Security Advisory RHSA-2003:041-12:

"The VNC server acts as an X server, but the script for starting it
generates an MIT X cookie (which is used for X authentication) without
using a strong enough random number generator.  This could allow an
attacker to be able to more easily guess the authentication cookie."

Read the full advisory at:
https://access.RedHat.com/errata/RHSA-2003-041.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/tightvnc upgrade to tightvnc-1.2.8 as follows:

emerge sync
emerge -u tightvnc
emerge clean

- ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- ---------------------------------------------------------------------

Gentoo: tightvnc Insecure cookie generation

The VNC server acts as an X server, but the script for starting itgenerates an MIT X cookie (which is used for X authentication) withoutusing a strong enough random number generato...

Summary


- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-15
- ---------------------------------------------------------------------
    FIXED VERSION : 1.2.8

- ---------------------------------------------------------------------

From Red Hat Security Advisory RHSA-2003:041-12:

"The VNC server acts as an X server, but the script for starting it
generates an MIT X cookie (which is used for X authentication) without
using a strong enough random number generator.  This could allow an
attacker to be able to more easily guess the authentication cookie."

Read the full advisory at:
https://access.RedHat.com/errata/RHSA-2003-041.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/tightvnc upgrade to tightvnc-1.2.8 as follows:

emerge sync
emerge -u tightvnc
emerge clean

- ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- ---------------------------------------------------------------------

Resolution

References

Availability

Concerns

Severity
PACKAGE : tightvnc
SUMMARY : insecure cookie generation
DATE : 2003-02-24 11:34 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <1.2.8

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

Ubuntu Server Security Best Practices

Oct 15, 2023

Harden Ubuntu Server to Secure Your Container and Other Deployments

Sep 17, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

P2PInfect Botnet Activity Surges 600x with Stealthier Malware Variants

Sep 22, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo