This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Virtual Network Computing (VNC) is a remote display system which
allows you to view a computer's desktop environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. TigerVNC is a suite of
VNC servers and clients.

It was discovered that vncviewer could prompt for and send
authentication credentials to a remote server without first properly
validating the server's X.509 certificate. As vncviewer did not
indicate that the certificate was bad or missing, a man-in-the-middle
attacker could use this flaw to trick a vncviewer client into
connecting to a spoofed VNC server, allowing the attacker to obtain
the client's credentials. (CVE-2011-1775)

All tigervnc users should upgrade to these updated packages, which
contain a backported patch to correct this issue.
Update the affected packages.
Risk factor: Medium / CVSS Base Score: 5.8
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 61069
CVE ID: CVE-2011-1775