CVE-2006-2450

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.

auth.c en LibVNCServer 0.7.1 permite a atacantes remotos evitar la validación a través de una respuesta en la cual el cliente especifica un tipo de seguridad insegura como por ejemplo "Tipo 1 - None", el cual es aceptado siempre aunque no es ofrecida por el servidor, un asunto diferente que CVE-2006-2369.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-05-18 CVE Reserved
2006-07-14 CVE Published
2024-06-03 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (17)

URL	Tag	Source
http://seclists.org/fulldisclosure/2022/May/29	Mailing List
http://secunia.com/advisories/21179	Third Party Advisory
http://secunia.com/advisories/21349	Third Party Advisory
http://secunia.com/advisories/21393	Third Party Advisory
http://secunia.com/advisories/21405	Third Party Advisory
http://secunia.com/advisories/24525	Third Party Advisory
http://www.securityfocus.com/archive/1/442986/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/18977	Vdb Entry
http://www.vupen.com/english/advisories/2006/2797	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824	2022-05-13
http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u	2022-05-13
http://secunia.com/advisories/20940	2022-05-13
http://sourceforge.net/project/shownotes.php?release_id=431724&group_id=32584	2022-05-13

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200608-05.xml	2022-05-13
http://security.gentoo.org/glsa/glsa-200608-12.xml	2022-05-13
http://security.gentoo.org/glsa/glsa-200703-19.xml	2022-05-13
http://www.novell.com/linux/security/advisories/2006_42_kernel.html	2022-05-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Libvncserver Search vendor "Libvncserver"		Libvncserver Search vendor "Libvncserver" for product "Libvncserver"				0.7.1 Search vendor "Libvncserver" for product "Libvncserver" and version "0.7.1"		-		Affected