CVE-2020-29074 Information

Jun 07, 2022 cve

Description

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls which allows access by actors other than the current user.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a https://www.debian.org/security/2020/dsa-4799 https://lists.debian.org/debian-lts-announce/2020/12/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MHVXHZE3YIP4RTWGQ24IDBSW44XPRDOC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2FLWSVH32O6JXLRQBYDQLP7XRSTLUPQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZL6NQTNK5PT63D2JX5YVV5OLUL76S5C/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8

Share on: