Modified clients could bypass authentication of password protected VNC servers (CVE-2006-2450).

リモートホストにインストールされている VNC サーバーにより、攻撃者は、明示的にサポートするように構成されていない場合でも、単に認証タイプとして「タイプ 1 - なし」をリクエストすることで、認証をバイパスできます。

遠端主機上執行的 VNC 伺服器版本受到下列弱點影響：

  - RealVNC 中有一個瑕疵，這是在處理密碼驗證時發生錯誤所導致。遠端攻擊者可利用此瑕疵，使用用戶端在其中指定不安全的安全類型 (例如「Type 1-None」) 的特製要求來繞過驗證，即使伺服器未提供，應用程式仍會接受此要求。
    (CVE-2006-2369)

  - 檔案 auth.c 的 LibVNCServer 中有一個瑕疵，這是在處理密碼驗證時發生錯誤所導致。遠端攻擊者可利用此瑕疵，使用用戶端在其中指定不安全的安全類型 (例如「Type 1-None」) 的特製要求來繞過驗證，即使伺服器未提供，應用程式仍會接受此要求。(CVE-2006-2450)

远程主机上运行的 VNC 服务器版本受到以下漏洞的影响：

  - RealVNC 中存在一个缺陷，这是处理密码身份验证时出错所致。远程攻击者可利用此漏洞，通过使用客户端在其中指定不安全的安全类型（例如“Type 1 - None”）的特别构建请求（即使非服务器提供也会被接受），绕过身份验证。
    (CVE-2006-2369)

  - auth.c 文件的 LibVNCServer 中存在一个缺陷，这是处理密码身份验证时出错所致。远程攻击者可利用此漏洞，通过使用客户端在其中指定不安全的安全类型（例如“Type 1 - None”）的特别构建请求（即使非服务器提供也会被接受），绕过身份验证。(CVE-2006-2450)

The remote host is affected by the vulnerability described in GLSA-200703-19 (LTSP: Authentication bypass in included LibVNCServer code)

    The LTSP server includes vulnerable LibVNCServer code, which fails to     properly validate protocol types effectively letting users decide what     protocol to use, such as 'Type 1 - None' (GLSA-200608-05). The LTSP VNC     server will accept this security type, even if it is not offered by the     server.
  Impact :

    An attacker could exploit this vulnerability to gain unauthorized     access with the privileges of the user running the VNC server.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-200608-05 (LibVNCServer: Authentication bypass)

    LibVNCServer fails to properly validate protocol types effectively     letting users decide what protocol to use, such as 'Type 1 - None'.
    LibVNCServer will accept this security type, even if it is not offered     by the server.
  Impact :

    An attacker could use this vulnerability to gain unauthorized access     with the privileges of the user running the VNC server.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-200608-12 (x11vnc: Authentication bypass in included LibVNCServer code)

    x11vnc includes vulnerable LibVNCServer code, which fails to properly     validate protocol types effectively letting users decide what protocol     to use, such as 'Type 1 - None' (GLSA-200608-05). x11vnc will accept     this security type, even if it is not offered by the server.
  Impact :

    An attacker could exploit this vulnerability to gain unauthorized     access with the privileges of the user running the VNC server.
  Workaround :

    There is no known workaround at this time.

Ludwig Nussel reports that x11vnc is vulnerable to an authentication bypass vulnerability. The vulnerability is caused by an error in auth.c. This could allow a remote attacker to gain unauthorized and unauthenticated access to the system.

The version of VNC server running on the remote host is affected by the following vulnerabilities :

  - A flaw exists in RealVNC due to an error when handling     password authentication. A remote attacker can exploit     this to bypass authentication by using a specially     crafted request in which the client specifies an     insecure security type (e.g., 'Type 1 - None'), which is     accepted even if not offered by the server.
    (CVE-2006-2369)

  - A flaw exists in LibVNCServer within file auth.c due to     an error when handling password authentication. A remote     attacker can exploit this to bypass authentication by     using a specially crafted request in which the client     specifies an insecure security type (e.g., 'Type 1 -     None'), which is accepted even if not offered by the     server. (CVE-2006-2450)

ID	名称	产品	系列	发布时间	最近更新时间	严重程度
27481	openSUSE 10 Security Update : xen (xen-1841)	Nessus	SuSE Local Security Checks	2007/10/17	2021/1/14	high
21564	VNC セキュリティタイプ実施失敗のリモート認証のバイパス	Nessus	Misc.	2006/5/15	2018/7/25	critical
21564	VNC 安全性類型強制失敗遠端驗證略過	Nessus	Misc.	2006/5/15	2018/7/25	critical
21564	VNC 安全类型强制失败远程认证绕过	Nessus	Misc.	2006/5/15	2018/7/25	critical
24868	GLSA-200703-19 : LTSP: Authentication bypass in included LibVNCServer code	Nessus	Gentoo Local Security Checks	2007/3/19	2021/1/6	high
27111	openSUSE 10 Security Update : LibVNCServer (LibVNCServer-1667)	Nessus	SuSE Local Security Checks	2007/10/17	2021/1/14	high
22147	GLSA-200608-05 : LibVNCServer: Authentication bypass	Nessus	Gentoo Local Security Checks	2006/8/4	2021/1/6	high
22171	GLSA-200608-12 : x11vnc: Authentication bypass in included LibVNCServer code	Nessus	Gentoo Local Security Checks	2006/8/8	2021/1/6	high
22212	FreeBSD : x11vnc -- authentication bypass vulnerability (9dda3ff1-2b02-11db-a6e2-000e0c2e438a)	Nessus	FreeBSD Local Security Checks	2006/8/14	2021/1/6	high
21564	VNC Security Type Enforcement Failure Remote Authentication Bypass	Nessus	Misc.	2006/5/15	2018/7/25	critical

检测

插件搜索

high

critical

critical

critical

high

high

high

high

high

critical