Upstream information

CVE-2006-2450 at MITRE

Description

auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
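The server-side check that this class of bug omits, as an added example (not LibVNCServer's auth.c and not SUSE's patch). The function names and sample values are hypothetical; the numbers 1 (None) and 2 (VNC Authentication) are the RFB security type codes. The first function accepts any type it knows how to handle, the second accepts only a type the server offered on this connection.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFB security type codes; 0 is "Invalid" and is never a legal choice. */
enum { SEC_INVALID = 0, SEC_NONE = 1, SEC_VNC_AUTH = 2 };

/* Flawed pattern (hypothetical illustration of the description above):
 * the client's reply is accepted whenever it is a type the code can
 * handle, without consulting the list this server actually sent. */
static int accept_known_type(uint8_t chosen)
{
    return chosen == SEC_NONE || chosen == SEC_VNC_AUTH;
}

/* Hardened pattern: the reply must be one of the types offered on this
 * connection; anything else ends the handshake. */
static int accept_offered_type(const uint8_t *offered, size_t n, uint8_t chosen)
{
    if (chosen == SEC_INVALID)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (offered[i] == chosen)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: a password-protected server offers only type 2. */
    const uint8_t offered[] = { SEC_VNC_AUTH };
    /* Constructed client replies, including values that were never offered. */
    const uint8_t replies[] = { SEC_VNC_AUTH, SEC_NONE, SEC_INVALID, 19 };

    for (size_t i = 0; i < sizeof replies; i++)
        printf("reply %u: known-type check=%d, offered-list check=%d\n",
               (unsigned)replies[i],
               accept_known_type(replies[i]),
               accept_offered_type(offered, sizeof offered, replies[i]));
    return 0;
}
```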

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
SUSE Bugzilla entry: 184418 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • LibVNCServer >= 0.9.1-154.24
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA LibVNCServer
SUSE Linux Enterprise Server 11 SP2
  • LibVNCServer >= 0.9.1-154.24
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA LibVNCServer
SUSE Linux Enterprise Server 11 SP3
  • LibVNCServer >= 0.9.1-154.24
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA LibVNCServer
SUSE Linux Enterprise Server 11 SP4
  • LibVNCServer >= 0.9.1-154.24
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA LibVNCServer
SUSE Linux Enterprise Software Development Kit 11 SP4
  • LibVNCServer-devel >= 0.9.1-154.24
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA LibVNCServer-devel
SUSE LINUX 10.1
  • xen-tools-ioemu >= 3.0.2_09742-0.4
SLE SDK 10 SP1 for IBM iSeries and IBM pSeries
SLE SDK 10 SP1 for IBM zSeries
SLE SDK 10 SP1 for IPF
SLE SDK 10 SP1 for X86-64
SLE SDK 10 SP1 for x86
  • LibVNCServer >= 0.8.2-31.6
ZYPP Patch Nr: 2927
SUSE LINUX 10.1
  • LibVNCServer >= 0.7.99-15.3
SUSE LINUX 10.1
  • xen >= 3.0.2_09749-0.7
  • xen-devel >= 3.0.2_09749-0.7
  • xen-doc-html >= 3.0.2_09749-0.7
  • xen-doc-pdf >= 3.0.2_09749-0.7
  • xen-doc-ps >= 3.0.2_09749-0.7
  • xen-libs >= 3.0.2_09749-0.7
  • xen-libs-32bit >= 3.0.2_09749-0.7
  • xen-tools >= 3.0.2_09749-0.7
  • xen-tools-ioemu >= 3.0.2_09749-0.7