TightVNC Repeated Challenge Replay Attack Vulnerability

Bugtraq ID: 5296
Class: Design Error
CVE: CVE-2002-1336
Remote: Yes
Local: No
Published: Jul 24 2002 12:00AM
Updated: Jul 11 2009 02:56PM
Credit: Discovered by jepler@unpythonic.net.
Vulnerable: TightVNC TightVNC 1.2.5
+ Mandriva Linux Mandrake 9.0
TightVNC TightVNC 1.2.4
TightVNC TightVNC 1.2.3
TightVNC TightVNC 1.2.2
TightVNC TightVNC 1.2.1
TightVNC TightVNC 1.2 .0
Avaya Labs Libsafe 1.2.2
AT&T VNC 3.3.6
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
AT&T VNC 3.3.5
AT&T VNC 3.3.4
AT&T VNC 3.3.3 R2
+ Conectiva Linux Enterprise Edition 1.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
- Redhat Linux 7.2 ia64
- Redhat Linux 7.2 i686
- Redhat Linux 7.2 i586
- Redhat Linux 7.2 i386
- Redhat Linux 7.2 alpha
- Redhat Linux 7.2
- Redhat Linux 7.1 ia64
- Redhat Linux 7.1 i686
- Redhat Linux 7.1 i586
- Redhat Linux 7.1 i386
- Redhat Linux 7.1 alpha
- Redhat Linux 7.1
- Redhat Linux 7.0 sparc
- Redhat Linux 7.0 i686
- Redhat Linux 7.0 i386
- Redhat Linux 7.0 alpha
- Redhat Linux 7.0
- Redhat Linux 6.2 sparc
- Redhat Linux 6.2 i386
- Redhat Linux 6.2 alpha
- Redhat Linux 6.2
+ Sun Linux 5.0.7
+ Sun Linux 5.0
+ Sun LX50
AT&T VNC 3.3.3
- Apple Mac OS 9 9.0
- BSDI BSD/OS 4.0
- Debian Linux 2.2
- FreeBSD FreeBSD 4.2
- HP HP-UX 11.11
+ Mandriva Linux Mandrake 7.2
- Microsoft Windows 2000 Professional
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 2.0
- Redhat Linux 7.0
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- SuSE Linux 7.0
Not Vulnerable: TightVNC TightVNC 1.2.6


 

Privacy Statement
Copyright 2010, SecurityFocus