Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2003:022 (vnc)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50688

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2003:022 (vnc)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to vnc
announced via advisory MDKSA-2003:022.

A vulnerability was discovered in the VNC server script that generates
an X cookie, used by X authentication. The script generated a cookie
that was not strong enough and allow an attacker to more easily guess
the authentication cookie, thus obtaining unauthorized access to the
VNC server.

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1511
http://marc.theaimsgroup.com/?l=bugtraq&m=102753170201524

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2002-1336
BugTraq ID: 5296
http://www.securityfocus.com/bid/5296
Bugtraq: 20020724 VNC authentication weakness (Google Search)
http://marc.info/?l=bugtraq&m=102753170201524&w=2
Bugtraq: 20020726 RE: VNC authentication weakness (Google Search)
http://marc.info/?l=bugtraq&m=102769183913594&w=2
Conectiva Linux advisory: CLA-2003:640
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
http://www.redhat.com/support/errata/RHSA-2002-287.html
http://www.redhat.com/support/errata/RHSA-2003-041.html
XForce ISS Database: vnc-weak-authentication(5992)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992
Common Vulnerability Exposure (CVE) ID: CVE-2002-1511
BugTraq ID: 6905
http://www.securityfocus.com/bid/6905
Conectiva Linux advisory: CLSA-2003:640
http://security.gentoo.org/glsa/glsa-200302-15.xml
http://www.redhat.com/support/errata/RHSA-2003-068.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161
http://www.iss.net/security_center/static/11384.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50688
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:022 (vnc)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to vnc announced via advisory MDKSA-2003:022. A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allow an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server. Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1511 http://marc.theaimsgroup.com/?l=bugtraq&m=102753170201524 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1336 BugTraq ID: 5296 http://www.securityfocus.com/bid/5296 Bugtraq: 20020724 VNC authentication weakness (Google Search) http://marc.info/?l=bugtraq&m=102753170201524&w=2 Bugtraq: 20020726 RE: VNC authentication weakness (Google Search) http://marc.info/?l=bugtraq&m=102769183913594&w=2 Conectiva Linux advisory: CLA-2003:640 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 http://www.redhat.com/support/errata/RHSA-2002-287.html http://www.redhat.com/support/errata/RHSA-2003-041.html XForce ISS Database: vnc-weak-authentication(5992) https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 Common Vulnerability Exposure (CVE) ID: CVE-2002-1511 BugTraq ID: 6905 http://www.securityfocus.com/bid/6905 Conectiva Linux advisory: CLSA-2003:640 http://security.gentoo.org/glsa/glsa-200302-15.xml http://www.redhat.com/support/errata/RHSA-2003-068.html http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161 http://www.iss.net/security_center/static/11384.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com