FreeBSD : vnc -- authentication bypass vulnerability (4645b98c-e46e-11da-9ae7-00123fcc6e5c)

High Nessus Plugin ID 21574


The remote FreeBSD host is missing a security-related update.


RealVNC is susceptible to an authentication-bypass vulnerability. A malicious VNC client can cause a VNC server to allow it to connect without any authentication regardless of the authentication settings configured in the server. Exploiting this issue allows attackers to gain unauthenticated, remote access to the VNC servers.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 21574

File Name: freebsd_pkg_4645b98ce46e11da9ae700123fcc6e5c.nasl

Version: $Revision: 1.28 $

Type: local

Published: 2006/05/19

Modified: 2015/01/14

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:vnc, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2006/05/18

Vulnerability Publication Date: 2006/05/15

Exploitable With


Core Impact

Reference Information

CVE: CVE-2006-2369

BID: 17978