thr3ads.net - Secure testing team - [Secure-testing-team] Bug#528204: xtightvncviewer: Viewer vulnerable to attack by malicious/compromised VNC server [May 2009]

If this information is useful, please help other people find it:
Share via:

Simon Iremonger

2009-May-11 11:41 UTC

[Secure-testing-team] Bug#528204: xtightvncviewer: Viewer vulnerable to attack by malicious/compromised VNC server

Package: xtightvncviewer
Version: 1.3.9-4
Severity: grave
Tags: security
Justification: user security hole

As far as I can tell, The Debian pagkages for xtightvncviewer
  (also included unchanged in ubuntu) are still vulnerable to
  known problem fixed upstream.

Advisory here:-
  http://secunia.com/advisories/33807/

Fixed upstream as per:-
  http://vnc-tight.sourceforge.net/release-1.3.10.html

Please correct me if I''ve missed anything!
With thanks,

--Simon


-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, ''stable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-xen-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF8, LC_CTYPE=en_GB.UTF8 (charmap=locale: Cannot set
LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Secure testing team - May 2009 - Bug#528204: xtightvncviewer: Viewer vulnerable to attack by malicious/compromised VNC server

[Secure-testing-team] Bug#528204: xtightvncviewer: Viewer vulnerable to attack by malicious/compromised VNC server