Libvncserver · X11Vnc · CVE-2020-29074
Name of the Vulnerable Software and Affected Versions:
x11vnc version 0.9.16
Description:
The issue is related to the scan.c component of the X11vnc VNC server, which lacks an authorization mechanism. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is due to the use of IPC CREAT|0777 in shmget calls, which permits access by actors other than the current user.
Recommendations:
For x11vnc version 0.9.16, consider restricting access to the vulnerable `scan.c` component until a patch is available. As a temporary workaround, restrict the use of the `shmget` function with IPC CREAT|0777 permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.