SB2012100123 - Information disclosure in Vino

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2012-4429)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.

Remediation

Install update from vendor's website.

References

• http://rhn.redhat.com/errata/RHSA-2013-0169.html
• http://secunia.com/advisories/50527
• http://www.openwall.com/lists/oss-security/2012/09/13/25
• http://www.openwall.com/lists/oss-security/2012/09/14/1
• http://www.securityfocus.com/bid/55548
• http://www.ubuntu.com/usn/USN-1701-1
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78602