Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-1165

Опубликовано: 08 сент. 2009
Источник: redhat
CVSS2: 4.6
EPSS Низкий

Описание

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.

Отчет

This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP). A future update in Red Hat Enterprise Linux 6 may address this flaw. To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled. This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4vinoNot affected
Red Hat Enterprise Linux 5vinoNot affected
Red Hat Enterprise Linux 6vinoFixedRHSA-2013:016921.01.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=678846vino-preferences does not warn about UPnP especially with no password and no confirmation.

EPSS

Процентиль: 70%
0.00652
Низкий

4.6 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-1165

ubuntu
больше 12 лет назад

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.

nvd логотип

CVE-2011-1165

nvd
больше 12 лет назад

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.

debian логотип

CVE-2011-1165

debian
больше 12 лет назад

Vino, possibly before 3.2, does not properly document that it opens po ...

github логотип

GHSA-v9m5-9vg5-h8w2

github
больше 3 лет назад

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.

oracle-oval логотип

ELSA-2013-0169

oracle-oval
почти 13 лет назад

ELSA-2013-0169: vino security update (MODERATE)

EPSS

Процентиль: 70%
0.00652
Низкий

4.6 Medium

CVSS2