Security restrictions bypass in x11vnc - CVE-2020-29074
Published: November 26, 2020 / Updated: November 30, 2020
Vulnerability identifier: #VU48700
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-29074
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
x11vnc
x11vnc
Software vendor:
www.karlrunge.com
www.karlrunge.com
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to x11vnc creates shared memory segments with 0777 mode in scan.c. A local user run a specially crafted program to gain access to sensitive information, trigger denial of service or interfere with the VNC session of another user on the host.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.