Detections
Analytics
RealVNC < 5.0.7 Multiple Local Privilege Escalations
high Nessus Plugin ID 71884
Language:
Synopsis
The remote host has a remote control application that is affected by multiple local privilege escalation vulnerabilities.Description
The version of RealVNC on the remote host is earlier than 5.0.7. As such, it is affected by multiple privilege escalation vulnerabilities :- A local privilege escalation vulnerability exists that is triggered by a specially crafted argument to the vncserver-x11 binary on UNIX / Linux. (CVE-2013-6886)
- A local privilege escalation vulnerability exists that is triggered by a specially crafted argument to the Xvnc binary on UNIX / Linux. (CVE-2013-6886)
- A local privilege escalation vulnerability exists that is triggered by a specially crafted argument to the vncserver binary on Mac OS X. (CVE-2013-6886)
Solution
Upgrade to RealVNC 5.0.7 or later.See Also
http://www.realvnc.com/products/vnc/documentation/5.0/release-notes/
Plugin Details
Severity: High
ID: 71884
File Name: realvnc_5_0_7.nasl
Version: 1.4
Type: remote
Family: Misc.
Published: 1/9/2014
Updated: 7/25/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:realvnc:realvnc
Required KB Items: Host/RealVNC_Java_Viewer
Exploit Ease: No known exploits are available
Patch Publication Date: 12/19/2013
Vulnerability Publication Date: 12/19/2013
Reference Information
CVE: CVE-2013-6886
BID: 64560