Vulnerability Details : CVE-2011-1775
The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate.
Vulnerability category: Input validation
Products affected by CVE-2011-1775
- cpe:2.3:a:tigervnc:tigervnc:1.1:beta1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1775
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1775
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
CWE ids for CVE-2011-1775
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1775
-
http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01347.html
Re: [Tigervnc-devel] potential vulnerability in TLS secType?
-
http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01345.html
Re: [Tigervnc-devel] potential vulnerability in TLS secType?
-
https://bugzilla.redhat.com/show_bug.cgi?id=702672
702672 – tigervnc: vncviewer can send password to server without proper validation of the X.509 certificate [fedora-15]
-
http://openwall.com/lists/oss-security/2011/05/06/2
oss-security - CVE request: tigervnc
-
https://bugzilla.redhat.com/show_bug.cgi?id=702470
702470 – (CVE-2011-1775) CVE-2011-1775 tigervnc: vncviewer can send password to server without proper validation of the X.509 certificate
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060567.html
[SECURITY] Fedora 15 Update: tigervnc-1.0.90-4.fc15
-
http://www.redhat.com/support/errata/RHSA-2011-0871.html
Support
-
http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01342.html
[Tigervnc-devel] potential vulnerability in TLS secType?
-
http://www.securityfocus.com/bid/47738
TigerVNC SSL Certificate Validation Security Bypass Vulnerability
-
http://openwall.com/lists/oss-security/2011/05/09/7
oss-security - Re: CVE request: tigervnc
Jump to