CVE-2002-1336
CVSS 7.5
Published: 2002-12-11 00:00:00
Last revised: 2016-10-17 22:26:01

[Original] TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.


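[CNNVD] TightVNC Repeated Message Replay Attack Vulnerability (CNNVD-200212-013)

TightVNC is VNC (Virtual Network Computing) software distributed and maintained by Constantin Kaplinsky. It is used for remote graphical access and runs on Microsoft Windows and various Unix-like operating systems.
TightVNC mishandles connections made in rapid succession. A remote attacker can exploit this by sniffing the network to obtain response data and then logging in with the captured authentication response.
If TightVNC receives several different connection requests in quick succession within a short time, it may send the same DES challenge to the clients again. An attacker who eavesdrops on the network traffic may be able to authenticate using the response that was observed.
This vulnerability exists in TightVNC 1.2.1 for UNIX. Other versions may also be affected, but this has not been confirmed.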
        

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:tightvnc:tightvnc:1.2.4
cpe:/a:tightvnc:tightvnc:1.2.3
cpe:/a:tightvnc:tightvnc:1.2.1
cpe:/a:tightvnc:tightvnc:1.2.0
cpe:/a:tightvnc:tightvnc:1.2.5

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1336
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1336
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-013
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
(UNKNOWN)  CONECTIVA  CLA-2003:640
http://marc.info/?l=bugtraq&m=102753170201524&w=2
(UNKNOWN)  BUGTRAQ  20020724 VNC authentication weakness
http://marc.info/?l=bugtraq&m=102769183913594&w=2
(UNKNOWN)  BUGTRAQ  20020726 RE: VNC authentication weakness
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
(UNKNOWN)  MANDRAKE  MDKSA-2003:022
http://www.redhat.com/support/errata/RHSA-2002-287.html
(UNKNOWN)  REDHAT  RHSA-2002:287
http://www.redhat.com/support/errata/RHSA-2003-041.html
(UNKNOWN)  REDHAT  RHSA-2003:041
http://www.securityfocus.com/bid/5296
(UNKNOWN)  BID  5296
http://www.tightvnc.com/WhatsNew.txt
(UNKNOWN)  CONFIRM  http://www.tightvnc.com/WhatsNew.txt
http://xforce.iss.net/xforce/xfdb/5992
(VENDOR_ADVISORY)  XF  vnc-weak-authentication(5992)

- Vulnerability information

TightVNC Repeated Message Replay Attack Vulnerability
High risk  Design error
2002-12-11 00:00:00 2005-05-13 00:00:00
Remote
        
        

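- Advisories and patches

Temporary workaround:
If you cannot install a patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
* No suitable temporary workaround is currently available.
Vendor patch:
TightVNC
--------
The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

http://www.tightvnc.com/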

- Vulnerability information

6276
TightVNC Challenge String Re-use Weakness

- Vulnerability description

- Timeline

2002-07-24 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

TightVNC Repeated Challenge Replay Attack Vulnerability
Design Error 5296
Yes No
2002-07-24 12:00:00 2009-07-11 02:56:00
Discovered by jepler@unpythonic.net.

- Affected software versions

TightVNC TightVNC 1.2.5
+ Mandriva Linux Mandrake 9.0
TightVNC TightVNC 1.2.4
TightVNC TightVNC 1.2.3
TightVNC TightVNC 1.2.2
TightVNC TightVNC 1.2.1
TightVNC TightVNC 1.2.0
Avaya Labs Libsafe 1.2.2
AT&T VNC 3.3.6
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
AT&T VNC 3.3.5
AT&T VNC 3.3.4
AT&T VNC 3.3.3 R2
+ Conectiva Linux Enterprise Edition 1.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
- Red Hat Linux 6.2
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 i686
- RedHat Linux 7.2 i586
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i686
- RedHat Linux 7.1 i586
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 i686
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
+ Sun Linux 5.0.7
+ Sun Linux 5.0
+ Sun LX50
AT&T VNC 3.3.3
- Apple Mac OS 9 9.0
- BSDI BSD/OS 4.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
- Debian Linux 2.2
- FreeBSD FreeBSD 4.2
- HP HP-UX 11.11
+ Mandriva Linux Mandrake 7.2
- Microsoft Windows 2000 Professional
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 2.0
- RedHat Linux 7.0
- S.u.S.E. Linux 7.0
- Sun Solaris 8_sparc
- Sun Solaris 7.0
TightVNC TightVNC 1.2.6

- Unaffected software versions

TightVNC TightVNC 1.2.6

- Vulnerability discussion

TightVNC is a Virtual Network Computing (VNC) client and server, available for a number of platforms including Microsoft Windows and Linux.

TightVNC has been reported to repeat DES challenges if multiple connections are initiated in rapid sequence. A network eavesdropper may repeat a previously witnessed response and authenticate as a valid user.

This behavior has been reported in version 1.2.1 of TightVNC for Unix. Other versions may share this vulnerability; however, this has not been confirmed.
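
The challenge reuse described above, modeled as an added example that is not part of the original record or of TightVNC's code. It assumes a hypothetical cause (a generator re-seeded from the clock in whole seconds for each connection; the record does not state the cause), contrasts it with drawing the challenge from the OS CSPRNG, and flags any challenge issued to more than one connection. All function names and arrival times are constructed.

```python
import os
import random
from collections import defaultdict

CHALLENGE_LEN = 16  # VNC authentication sends a 16-byte challenge


def weak_challenge(now_seconds):
    """Assumed failure model: the PRNG is re-seeded from the clock per connection."""
    rng = random.Random(now_seconds)
    return bytes(rng.getrandbits(8) for _ in range(CHALLENGE_LEN))


def strong_challenge():
    """Hardened form: every challenge comes from the OS CSPRNG."""
    return os.urandom(CHALLENGE_LEN)


def find_reused_challenges(handshakes):
    """Return {challenge_hex: [conn_ids]} for challenges issued more than once.

    handshakes is an iterable of (conn_id, challenge_bytes), e.g. taken from
    server-side handshake logging or a capture summary.
    """
    seen = defaultdict(list)
    for conn_id, challenge in handshakes:
        seen[challenge.hex()].append(conn_id)
    return {c: ids for c, ids in seen.items() if len(ids) > 1}


def simulate(generator, arrival_times):
    """Issue one challenge per incoming connection at the given arrival time."""
    return [(f"conn-{i}", generator(t)) for i, t in enumerate(arrival_times)]


# Constructed arrival times (seconds): three connections in one second, one later.
ARRIVALS = [1027500000, 1027500000, 1027500000, 1027500007]

weak_log = simulate(weak_challenge, ARRIVALS)
strong_log = simulate(lambda _t: strong_challenge(), ARRIVALS)

if __name__ == "__main__":
    print("weak generator, reused challenges:", find_reused_challenges(weak_log))
    print("CSPRNG, reused challenges:", find_reused_challenges(strong_log))
```

A response is only bound to the challenge it answers, so any entry reported by `find_reused_challenges` marks connections whose responses are interchangeable.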

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Sun have released a security alert (Sun Alert ID:56161) to acknowledge this issue in Sun Linux 5. A workaround has been described in the workaround section of this BID to address this issue. Fixes are pending release. See referenced alert for further details.

Sun have made fixes available to address this issue in Sun Linux 5.0.7. Fixes are linked below.

Gentoo Linux has released an advisory. Users who have installed net-misc/vnc or net-misc/tightvnc are advised to upgrade by issuing the following commands:

emerge sync
emerge -u tightvnc
emerge clean

or

emerge sync
emerge -u vnc
emerge clean

Conectiva has released advisory CLA-2003:640 with fixes to address this issue. Security advisory CLSA-2003:670 has also been released containing a fix for CLEE 1.0, users are advised to upgrade as soon as possible.


TightVNC TightVNC 1.2.0

TightVNC TightVNC 1.2.1

Avaya Labs Libsafe 1.2.2

TightVNC TightVNC 1.2.2

TightVNC TightVNC 1.2.3

TightVNC TightVNC 1.2.4

TightVNC TightVNC 1.2.5

AT&T VNC 3.3.3

AT&T VNC 3.3.3 R2

- Related references

 

 
