CVE-2020-29074

Name of the Vulnerable Software and Affected Versions: x11vnc version 0.9.16

Description: The issue is related to the scan.c component of the X11vnc VNC server, which lacks an authorization mechanism. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is due to the use of IPC CREAT|0777 in shmget calls, which permits access by actors other than the current user.

Recommendations: For x11vnc version 0.9.16, consider restricting access to the vulnerable scan.c component until a patch is available. As a temporary workaround, restrict the use of the shmget function with IPC CREAT|0777 permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.