Gentoo: 200302-16 Critical: VNC Insecure Cookie Generation Exploit
gentoo
February 24, 2003
The VNC server acts as an X server, but the script for starting itgenerates an MIT X cookie (which is used for X authentication) withoutusing a strong enough random number generato...
Summary
- --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200302-16 - --------------------------------------------------------------------- FIXED VERSION : 3.3.6-r1
- ---------------------------------------------------------------------
From Red Hat Security Advisory RHSA-2003:041-12:
"The VNC server acts as an X server, but the script for starting it generates an MIT X cookie (which is used for X authentication) without using a strong enough random number generator. This could allow an attacker to be able to more easily guess the authentication cookie."
Read the full advisory at: https://sso.redhat.com/auth/realms/redhat-external/protocol/saml
SOLUTION
It is recommended that all Gentoo Linux users who are running net-misc/vnc upgrade to vnc-3.3.6-r1 as follows:
emerge sync emerge -u vnc emerge clean
- ------...Read the Full Advisory
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : vnc
SUMMARY : insecure cookie generation
DATE : 2003-02-24 11:35 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <3.3.6-r1
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!