Fluid Attacks Database

Description

The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	tigervnc	<0:1.0.90-0.15.20110314svn4359.el6_1.1	0:1.0.90-0.15.20110314svn4359.el6_1.1

Aliases

1. CVE-2011-17752. NVD-2011-17753. OSV-2011-1775

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.