x11vnc is vulnerable to privilege escalation. The vulnerability exists through scan.c
in IPC_CREAT|0777
in shmget
calls, which allows access by actors other than the current user.
CPE | Name | Operator | Version |
---|---|---|---|
x11vnc:bullseye | eq | 0.9.16-4 | |
x11vnc:sid | eq | 0.9.16-4 | |
x11vnc:3.12 | eq | 0.9.16-r0 | |
x11vnc:stretch | eq | 0.9.13-2+deb9u1 | |
x11vnc:edge | eq | 0.9.16-r0 |
github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
lists.debian.org/debian-lts-announce/2020/12/msg00018.html
lists.fedoraproject.org/archives/list/[email protected]/message/H2FLWSVH32O6JXLRQBYDQLP7XRSTLUPQ/
lists.fedoraproject.org/archives/list/[email protected]/message/MHVXHZE3YIP4RTWGQ24IDBSW44XPRDOC/
lists.fedoraproject.org/archives/list/[email protected]/message/PZL6NQTNK5PT63D2JX5YVV5OLUL76S5C/
security-tracker.debian.org/tracker/CVE-2020-29074
www.debian.org/security/2020/dsa-4799