TightVNC Repeated Challenge Replay Attack Vulnerability

Solution:
Sun have released a security alert (Sun Alert ID:56161) to acknowledge this issue in Sun Linux 5. A workaround has been described in the workaround section of this BID to address this issue. Fixes are pending release. See referenced alert for further details.

Sun have made fixes available to address this issue in Sun Linux 5.0.7. Fixes are linked below.

Gentoo Linux has released an advisory. Users who have installed net-misc/vnc or net-misc/tightvnc are advised to upgrade by issuing the following commands:

emerge sync
emerge -u tightvnc
emerge clean

or

emerge sync
emerge -u vnc
emerge clean

Conectiva has released advisory CLA-2003:640 with fixes to address this issue. Security advisory CLSA-2003:670 has also been released containing a fix for CLEE 1.0, users are advised to upgrade as soon as possible.


TightVNC TightVNC 1.2 .0

TightVNC TightVNC 1.2.1

Avaya Labs Libsafe 1.2.2

TightVNC TightVNC 1.2.2

TightVNC TightVNC 1.2.3

TightVNC TightVNC 1.2.4

TightVNC TightVNC 1.2.5

AT&T VNC 3.3.3

AT&T VNC 3.3.3 R2
 

Privacy Statement
Copyright 2010, SecurityFocus