From 0ee88a8a4a3b4d50f378796badcbe43c33747807 Mon Sep 17 00:00:00 2001 From: GLSAMaker Date: Wed, 6 Nov 2024 10:04:44 +0000 Subject: [ GLSA 202411-01 ] Neat VNC: Authentication Bypass Bug: https://bugs.gentoo.org/937140 Signed-off-by: GLSAMaker Signed-off-by: Hans de Graaff --- glsa-202411-01.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 glsa-202411-01.xml diff --git a/glsa-202411-01.xml b/glsa-202411-01.xml new file mode 100644 index 00000000..3cd99d6f --- /dev/null +++ b/glsa-202411-01.xml @@ -0,0 +1,41 @@ + + + + Neat VNC: Authentication Bypass + A vulnerability has been discovered in Neat VNC, which can lead to authentication bypass. + neatvnc + 2024-11-06 + 2024-11-06 + 937140 + remote + + + 0.8.1 + 0.8.1 + + + +

Neat VNC is a liberally licensed VNC server library that's intended to be fast and neat.

+
+ +

Neat VNC allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

+
+ +

A remote attacker can opt not to use any authentication method and access the VNC server.

+
+ +

There is no known workaround at this time.

+
+ +

All Neat VNC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=gui-libs/neatvnc-0.8.1" + +
+ + + graaff + graaff +
\ No newline at end of file -- cgit v1.2.3-65-gdbad