SB2013031303 - Input validation error in Vino
Published: March 13, 2013 Updated: August 11, 2020
Security Bulletin ID
SB2013031303
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2011-1165)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.
Remediation
Install update from vendor's website.
References
- http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566
- http://rhn.redhat.com/errata/RHSA-2013-0169.html
- http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40
- https://bugzilla.gnome.org/show_bug.cgi?id=594521
- https://bugzilla.redhat.com/show_bug.cgi?id=678846