scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the     current user. (CVE-2020-29074)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 305ceb2c-9df8-11ef-a660-d85ed309193e advisory.

    cve@mitre.org reports:
    scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls,               which allows access by actors other than the current user.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-93911302d6 advisory.

  - scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the     current user. (CVE-2020-29074)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-c5b679877e advisory.

  - scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the     current user. (CVE-2020-29074)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC session of another user on the host.

For Debian 9 stretch, this problem has been fixed in version 0.9.13-2+deb9u2.

We recommend that you upgrade your x11vnc packages.

For the detailed security status of x11vnc please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/x11vnc

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC session of another user on the host.

ID	Name	Product	Family	Severity
257713	Linux Distros Unpatched Vulnerability : CVE-2020-29074	Nessus	Misc.	high
210721	FreeBSD : x11vnc -- access to shared memory segments (305ceb2c-9df8-11ef-a660-d85ed309193e)	Nessus	FreeBSD Local Security Checks	high
147618	Fedora 33 : x11vnc (2021-93911302d6)	Nessus	Fedora Local Security Checks	high
147437	Fedora 32 : x11vnc (2021-c5b679877e)	Nessus	Fedora Local Security Checks	high
144099	Debian DLA-2490-1 : x11vnc security update	Nessus	Debian Local Security Checks	high
143315	Debian DSA-4799-1 : x11vnc - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2020-29074

high

Tenable Plugins

high

high

high

high

high

high