CVE Vulnerabilities

CVE-2002-1511

Published: Mar 03, 2003 | Modified: Nov 20, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.

Affected Software

Name Vendor Start Version End Version
Vnc Att 3.3.3 (including) 3.3.3 (including)
Vnc Att 3.3.3r2 (including) 3.3.3r2 (including)
Vnc Att 3.3.4 (including) 3.3.4 (including)
Vnc Att 3.3.5 (including) 3.3.5 (including)
Vnc Att 3.3.6 (including) 3.3.6 (including)
Tightvnc Tightvnc 1.2.0 (including) 1.2.0 (including)
Tightvnc Tightvnc 1.2.1 (including) 1.2.1 (including)
Tightvnc Tightvnc 1.2.2 (including) 1.2.2 (including)
Tightvnc Tightvnc 1.2.3 (including) 1.2.3 (including)
Tightvnc Tightvnc 1.2.4 (including) 1.2.4 (including)
Tightvnc Tightvnc 1.2.5 (including) 1.2.5 (including)
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 RedHat *
Red Hat Linux 7.0 RedHat *
Red Hat Linux 7.1 RedHat *
Red Hat Linux 7.2 RedHat *
Red Hat Linux 7.3 RedHat *
Red Hat Linux 8.0 RedHat *

References