A vulnerability has been discovered in Neat VNC, which can lead to authentication bypass.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202411-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Neat VNC: Authentication Bypass
     Date: November 06, 2024
     Bugs: #937140
       ID: 202411-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Neat VNC, which can lead to
authentication bypass.

Background
==========

Neat VNC is a liberally licensed VNC server library that's intended to
be fast and neat.

Affected packages
=================

Package           Vulnerable    Unaffected
----------------  ------------  ------------
gui-libs/neatvnc  < 0.8.1       >= 0.8.1

Description
===========

Neat VNC allows remote attackers to bypass authentication via a request
in which the client specifies an insecure security type such as
"Type 1 - None", which is accepted even if it is not offered by the
server, as originally demonstrated using a long password.

Impact
======

A remote attacker can opt not to use any authentication method and
access the VNC server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Neat VNC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=gui-libs/neatvnc-0.8.1"

References
==========

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202411-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
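The flaw class named in the Description, shown as an added example that is not Neat VNC's code or part of the advisory: a handshake step that acts on the client's chosen security type without checking it against the list the server offered, next to the checked form. The function and enum names are hypothetical; the type numbers (1 = None, 2 = VNC Authentication) are the RFB values from RFC 6143.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* RFB security type numbers from RFC 6143. */
enum { SEC_INVALID = 0, SEC_NONE = 1, SEC_VNC_AUTH = 2 };

/* Hypothetical handshake result: which authentication step runs next. */
enum next_step { STEP_REJECT, STEP_NO_AUTH, STEP_VNC_AUTH };

/* Map a security type to its handler; unknown types are rejected. */
static enum next_step dispatch(uint8_t type)
{
    switch (type) {
    case SEC_NONE:     return STEP_NO_AUTH;
    case SEC_VNC_AUTH: return STEP_VNC_AUTH;
    default:           return STEP_REJECT;
    }
}

/* Flawed pattern: trusts the client's byte and ignores the offered list. */
enum next_step choose_unchecked(const uint8_t *offered, size_t n, uint8_t chosen)
{
    (void)offered;
    (void)n;
    return dispatch(chosen);
}

/* Checked pattern: the reply must be one of the types the server sent. */
enum next_step choose_checked(const uint8_t *offered, size_t n, uint8_t chosen)
{
    bool was_offered = false;
    for (size_t i = 0; i < n; i++)
        if (offered[i] == chosen)
            was_offered = true;
    return was_offered ? dispatch(chosen) : STEP_REJECT;
}

/* Constructed sample: a server configured to offer only VNC Authentication. */
static const uint8_t OFFERED[] = { SEC_VNC_AUTH };

int main(void)
{
    size_t n = sizeof OFFERED;
    /* The client's reply is type 1 although the server never offered it. */
    bool bypass  = choose_unchecked(OFFERED, n, SEC_NONE) == STEP_NO_AUTH;
    bool blocked = choose_checked(OFFERED, n, SEC_NONE) == STEP_REJECT;
    bool normal  = choose_checked(OFFERED, n, SEC_VNC_AUTH) == STEP_VNC_AUTH;
    return (bypass && blocked && normal) ? 0 : 1;
}
```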