http://bugzilla.opensuse.org/show_bug.cgi?id=1023012 Bug ID: 1023012 Summary: vncserver vulnerable by remote attackers Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Critical Priority: P5 - None Component: X.Org Assignee: xorg-maintainer-bugs@forge.provo.novell.com Reporter: sweet_f_a@gmx.de QA Contact: xorg-maintainer-bugs@forge.provo.novell.com Found By: --- Blocker: --- Two days ago a random guy from Russia crashed my vnc server. I'm using xorg-x11-Xvnc-1.6.0-6.1.x86_64 on Leap 42.2 Mon Jan 30 14:46:37 2017 TLS: TLS Handshake failed: Could not negotiate a supported cipher suite. TLS: TLS session wasn't terminated gracefully SConnection: AuthFailureException: TLS Handshake failed Connections: closed: 95.131.24.212::58701 (TLS Handshake failed) EncodeManager: Framebuffer updates: 0 EncodeManager: Total: 0 rects, 0 pixels EncodeManager: 0 B (1:-nan ratio) Connections: accepted: 95.131.24.212::59481 SConnection: Client needs protocol version 3.8 SConnection: Client requests security type VeNCrypt(19) SVeNCrypt: Client requests security type TLSVnc (258) (EE) (EE) Backtrace: (EE) 0: /usr/bin/Xvnc (xorg_backtrace+0x48) [0x5af628] (EE) 1: /usr/bin/Xvnc (0x400000+0x1b35a9) [0x5b35a9] (EE) 2: /lib64/libc.so.6 (0x7f9364f13000+0x34950) [0x7f9364f47950] (EE) 3: /lib64/libpthread.so.0 (pthread_mutex_lock+0x4) [0x7f93641d1704] (EE) 4: /usr/lib64/libgnutls.so.28 (0x7f9366ad9000+0x479cc) [0x7f9366b209cc] (EE) 5: /usr/lib64/libgnutls.so.28 (0x7f9366ad9000+0xd9387) [0x7f9366bb2387] (EE) 6: /usr/lib64/libgnutls.so.28 (0x7f9366ad9000+0xd7499) [0x7f9366bb0499] (EE) 7: /usr/lib64/libgnutls.so.28 (gnutls_dh_params_generate2+0x19) [0x7f9366b1fab9] (EE) 8: /usr/bin/Xvnc (_ZN3rfb12SSecurityTLS9setParamsEP18gnutls_session_int+0x9c) [0x53955c] (EE) 9: /usr/bin/Xvnc (_ZN3rfb12SSecurityTLS10processMsgEPNS_11SConnectionE+0x160) [0x5399d0] (EE) 10: /usr/bin/Xvnc (_ZN3rfb14SSecurityStack10processMsgEPNS_11SConnectionE+0x24) [0x5344c4] (EE) 11: /usr/bin/Xvnc (_ZN3rfb17SSecurityVeNCrypt10processMsgEPNS_11SConnectionE+0x20d) [0x53511d] (EE) 12: /usr/bin/Xvnc (_ZN3rfb11SConnection18processSecurityMsgEv+0x2c) [0x52d9ec] (EE) 13: /usr/bin/Xvnc (_ZN3rfb16VNCSConnectionST15processMessagesEv+0x87) [0x538347] (EE) 14: /usr/bin/Xvnc (_ZN14XserverDesktop17readWakeupHandlerEP6fd_seti+0x20b) [0x51a9bb] (EE) 15: /usr/bin/Xvnc (vncCallReadWakeupHandlers+0x2a) [0x511f1a] (EE) 16: /usr/bin/Xvnc (0x400000+0x11887c) [0x51887c] (EE) 17: /usr/bin/Xvnc (WakeupHandler+0x6d) [0x563fad] (EE) 18: /usr/bin/Xvnc (WaitForSomething+0x209) [0x5ac949] (EE) 19: /usr/bin/Xvnc (Dispatch+0xa0) [0x55f4d0] (EE) 20: /usr/bin/Xvnc (dix_main+0x39a) [0x56349a] (EE) 21: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x7f9364f336e5] (EE) 22: /usr/bin/Xvnc (_start+0x29) [0x4525f9] (EE) (EE) Segmentation fault at address 0x10 (EE) Fatal server error: (EE) Caught signal 11 (Segmentation fault). Server aborting (EE) -- You are receiving this mail because: You are on the CC list for the bug.