Vulnerability CVE-2011-1775: Information

Description

The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate.

Severity: MEDIUM (5.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2011-1775
Published: May 26, 2011
Modified: Feb. 13, 2023
Error type identifier: CWE-20

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=702470
    https://bugzilla.redhat.com/show_bug.cgi?id=702672
      [oss-security] 20110509 Re: CVE request: tigervnc
        FEDORA-2011-6838
          [oss-security] 20110506 CVE request: tigervnc
            47738
              44939
                RHSA-2011:0871
                  http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01342.html
                    http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01345.html
                      http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01347.html

                          1. Configuration 1

                            cpe:2.3:a:tigervnc:tigervnc:1.1:beta1:*:*:*:*:*:*
                        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                        Version: v24.4.2
                        Back to top