Bug ID 1023012
Summary vncserver vulnerable by remote attackers
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.2
Hardware Other
OS Other
Status NEW
Severity Critical
Priority P5 - None
Component X.Org
Assignee xorg-maintainer-bugs@forge.provo.novell.com
Reporter sweet_f_a@gmx.de
QA Contact xorg-maintainer-bugs@forge.provo.novell.com
Found By ---
Blocker --- 

Two days ago a random guy from Russia crashed my vnc server.
I'm using xorg-x11-Xvnc-1.6.0-6.1.x86_64 on Leap 42.2


Mon Jan 30 14:46:37 2017
 TLS:        TLS Handshake failed: Could not negotiate a supported cipher
              suite.
 TLS:        TLS session wasn't terminated gracefully
 SConnection: AuthFailureException: TLS Handshake failed
 Connections: closed: 95.131.24.212::58701 (TLS Handshake failed)
 EncodeManager: Framebuffer updates: 0
 EncodeManager:  Total: 0 rects, 0 pixels
 EncodeManager:          0 B (1:-nan ratio)
 Connections: accepted: 95.131.24.212::59481
 SConnection: Client needs protocol version 3.8
 SConnection: Client requests security type VeNCrypt(19)
 SVeNCrypt:  Client requests security type TLSVnc (258)
(EE)
(EE) Backtrace:
(EE) 0: /usr/bin/Xvnc (xorg_backtrace+0x48) [0x5af628]
(EE) 1: /usr/bin/Xvnc (0x400000+0x1b35a9) [0x5b35a9]
(EE) 2: /lib64/libc.so.6 (0x7f9364f13000+0x34950) [0x7f9364f47950]
(EE) 3: /lib64/libpthread.so.0 (pthread_mutex_lock+0x4) [0x7f93641d1704]
(EE) 4: /usr/lib64/libgnutls.so.28 (0x7f9366ad9000+0x479cc) [0x7f9366b209cc]
(EE) 5: /usr/lib64/libgnutls.so.28 (0x7f9366ad9000+0xd9387) [0x7f9366bb2387]
(EE) 6: /usr/lib64/libgnutls.so.28 (0x7f9366ad9000+0xd7499) [0x7f9366bb0499]
(EE) 7: /usr/lib64/libgnutls.so.28 (gnutls_dh_params_generate2+0x19)
[0x7f9366b1fab9]
(EE) 8: /usr/bin/Xvnc
(_ZN3rfb12SSecurityTLS9setParamsEP18gnutls_session_int+0x9c) [0x53955c]
(EE) 9: /usr/bin/Xvnc
(_ZN3rfb12SSecurityTLS10processMsgEPNS_11SConnectionE+0x160) [0x5399d0]
(EE) 10: /usr/bin/Xvnc
(_ZN3rfb14SSecurityStack10processMsgEPNS_11SConnectionE+0x24) [0x5344c4]
(EE) 11: /usr/bin/Xvnc
(_ZN3rfb17SSecurityVeNCrypt10processMsgEPNS_11SConnectionE+0x20d) [0x53511d]
(EE) 12: /usr/bin/Xvnc (_ZN3rfb11SConnection18processSecurityMsgEv+0x2c)
[0x52d9ec]
(EE) 13: /usr/bin/Xvnc (_ZN3rfb16VNCSConnectionST15processMessagesEv+0x87)
[0x538347]
(EE) 14: /usr/bin/Xvnc (_ZN14XserverDesktop17readWakeupHandlerEP6fd_seti+0x20b)
[0x51a9bb]
(EE) 15: /usr/bin/Xvnc (vncCallReadWakeupHandlers+0x2a) [0x511f1a]
(EE) 16: /usr/bin/Xvnc (0x400000+0x11887c) [0x51887c]
(EE) 17: /usr/bin/Xvnc (WakeupHandler+0x6d) [0x563fad]
(EE) 18: /usr/bin/Xvnc (WaitForSomething+0x209) [0x5ac949]
(EE) 19: /usr/bin/Xvnc (Dispatch+0xa0) [0x55f4d0]
(EE) 20: /usr/bin/Xvnc (dix_main+0x39a) [0x56349a]
(EE) 21: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x7f9364f336e5]
(EE) 22: /usr/bin/Xvnc (_start+0x29) [0x4525f9]
(EE)
(EE) Segmentation fault at address 0x10
(EE)
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
(EE)

You are receiving this mail because: