CVE-2006-2450
9.2 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.049 Low
EPSS
Percentile
92.7%
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as “Type 1 - None”, which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libvncserver:libvncserver | libvncserver | eq | 0.7.1 |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824
libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u
seclists.org/fulldisclosure/2022/May/29
secunia.com/advisories/20940
secunia.com/advisories/21179
secunia.com/advisories/21349
secunia.com/advisories/21393
secunia.com/advisories/21405
secunia.com/advisories/24525
security.gentoo.org/glsa/glsa-200608-05.xml
security.gentoo.org/glsa/glsa-200608-12.xml
security.gentoo.org/glsa/glsa-200703-19.xml
sourceforge.net/project/shownotes.php?release_id=431724&group_id=32584
www.novell.com/linux/security/advisories/2006_42_kernel.html
www.securityfocus.com/archive/1/442986/100/0/threaded
www.securityfocus.com/bid/18977
www.vupen.com/english/advisories/2006/2797
Social References
More
Related
9.2 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.049 Low
EPSS
Percentile
92.7%