[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1165Date: (C)2013-03-15   (M)2023-12-22


Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
RHSA-2013:0169
http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566
http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40
https://bugzilla.gnome.org/show_bug.cgi?id=594521
https://bugzilla.redhat.com/show_bug.cgi?id=678846

CPE    103
cpe:/a:david_king:vino:2.26.2
cpe:/a:david_king:vino:2.26.1
cpe:/a:david_king:vino:2.22.2
cpe:/a:david_king:vino:2.22.1
...
OVAL    3
oval:org.secpod.oval:def:1500072
oval:org.secpod.oval:def:500951
oval:org.secpod.oval:def:202530

© SecPod Technologies