PT-2013-1387 · Gnome+3 · Vino+3

Robert Townley

Published

2013-01-21

Updated

2013-03-19

CVE-2011-1165

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Vino versions prior to 3.2

Description The issue is related to the "Configure network to automatically accept connections" setting. When this setting is enabled, Vino opens ports in UPnP routers, but it does not properly document this behavior. This lack of documentation might make it easier for remote attackers to perform further attacks.

Recommendations For versions prior to 3.2, consider disabling the "Configure network to automatically accept connections" setting to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0169

CVE-2011-1165

RHSA-2013:0169

RHSA-2013_0169

Affected Products

Centos

Debian

Red Hat

Vino

PT-2013-1387 · Gnome+3 · Vino+3

CVE-2011-1165

Related Identifiers

Affected Products

References · 28