SB2020120904 - Security restrictions bypass in x11vnc (Alpine package)
Published: December 9, 2020
Security Bulletin ID
SB2020120904
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security restrictions bypass (CVE-ID: CVE-2020-29074)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to x11vnc creates shared memory segments with 0777 mode in scan.c. A local user run a specially crafted program to gain access to sensitive information, trigger denial of service or interfere with the VNC session of another user on the host.
Remediation
Install update from vendor's website.