Showing 1 - 2 of 2

CVE-2012-4429

Status Candidate

Overview

Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.

Ubuntu Security Notice USN-1701-1: Posted Jan 23, 2013; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1701-1 - It was discovered that Vino incorrectly transmitted clipboard activity before authenticating the remote connection. A remote attacker could connect to Vino and monitor clipboard activity.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2012-4429; SHA-256 | d4053a9076fc30a14607b6d52279e3c08354eedca82cbe7b5f1a8805566d147d; Download | Favorite | View

Red Hat Security Advisory 2013-0169-01: Posted Jan 23, 2013; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2013-0169-01 - Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote attacker who is able to access port 5900 on a system running Vino could use this flaw to read clipboard data without authenticating. Two out-of-bounds memory read flaws were found in the way Vino processed client framebuffer requests in certain encodings. An authenticated client could use these flaws to send a specially-crafted request to Vino, causing it to crash.; tags | advisory, remote; systems | linux, redhat; advisories | CVE-2011-0904, CVE-2011-0905, CVE-2011-1164, CVE-2011-1165, CVE-2012-4429; SHA-256 | 709d44a326fa0d3994ae28eeedadf167461a56201a46fc7ea3ccc58537ada91c; Download | Favorite | View

Page 1 of 1 Back 1 Next