LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

vnc - replay and cookie vulnerabilities

Package(s):vnc CVE #(s):CAN-2002-1336 CAN-2002-1511
Created:February 21, 2003 Updated:May 5, 2003
Description: VNC is a tool for providing a remote graphical user interface. Two vulnerabilities have been found in versions of VNC shipped by Red Hat.

The VNC server acts as an X server, but the script for starting it generates an MIT X cookie (which is used for X authentication) without using a strong enough random number generator. This could allow an attacker to be able to more easily guess the authentication cookie.

The VNC DES authentication scheme is implemented using a challenge-response architecture, producing a random and different challenge for each authentication attempt. A bug in the function for generating the random challenge caused the random seed to get reset to the current time on every authentication attempt. Therefore, two authentication attempts within the same second could receive the same challenge. An eavesdropper could exploit this vulnerability by replaying the response, thereby gaining authentication.

All users of VNC are advised to upgrade to these erratum packages, which contain patches to correct these issues.

Alerts:
Conectiva CLA-2003:640 2003-05-05
Mandrake MDKSA-2003:022 2003-02-24
Gentoo 200302-16 2003-02-24
Gentoo 200302-15 2003-02-24
Red Hat RHSA-2003:041-12 2003-02-20
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds