Package: vnc4 Version: 4.1.1+X4.3.0-19 Severity: grave Tags: security RealVNC 4.1.2 was released to plug holes in authentication handling. Quoting the CVE:
'allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server...' http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2369 http://www.realvnc.com/products/free/4.1/release-notes.html -- Kees Cook @outflux.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
