FreeBSD : vnc -- authentication bypass vulnerability (4645b98c-e46e-11da-9ae7-00123fcc6e5c)

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

RealVNC is susceptible to an authentication-bypass vulnerability. A
malicious VNC client can cause a VNC server to allow it to connect
without any authentication regardless of the authentication settings
configured in the server. Exploiting this issue allows attackers to
gain unauthenticated remote access to the VNC server.

See also :

http://www.securityfocus.com/archive/1/433994/30/0/threaded
http://www.nessus.org/u?ada39d0b

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21574 (freebsd_pkg_4645b98ce46e11da9ae700123fcc6e5c.nasl)

Bugtraq ID: 17978

CVE ID: CVE-2006-2369
