CVE-2011-1165
First published: Sun Feb 20 2011(Updated: )
Created <span class=""><a href="attachment.cgi?id=479752" name="attach_479752" title="Screenshot of what UPnP means.">attachment 479752</a> <a href="attachment.cgi?id=479752&action=edit" title="Screenshot of what UPnP means.">[details]</a></span> Screenshot of what UPnP means. Description of problem: System ---> Preferences ---> Remote Desktop does not sufficiently warn that UPnP is being used to open ports on your router. When end user is testing, he very well may disables confirmation and password. Because there is no very explicit UPnP warning, he just unwittingly enabled anybody on the internet to connect to his desktop. Version-Release number of selected component (if applicable): vino 2.32.0-1.fc14 How reproducible: parts always, UPnP success at opening router port varies. Sometimes, it successfully opens a port, other times it does not. Steps to Reproduce: 1.System --> Preferences --> Remote Desktop 2.uncheck confirmation, uncheck password 3.check "Configure network to automatically accept connections." Actual results: Changed router configuration without telling user. Expose machine to internet usage with no password and no confirmation. Expected results: Text should be more explicit that this uses UPnP. The pop up message mentions UPnP, but it at least should be a red warning. Especially when no confirmation and no password is required. Additional info: All machines tested have multiple NICs. selinux enabled. iptables turned off. It may take several attempts to open up ports on router using UPnP. Not sure what happens upon reboot of workstation and router -- UPnP may work to open ports that were not open before.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| David King Vino | =2.23.5 | |
| David King Vino | =2.21.92 | |
| David King Vino | =2.23 | |
| David King Vino | =2.17.92 | |
| David King Vino | =2.19.5 | |
| David King Vino | =3.1.5 | |
| David King Vino | =2.32.0 | |
| David King Vino | =2.19 | |
| David King Vino | =2.27.5 | |
| David King Vino | =3.0.1 | |
| David King Vino | =2.22 | |
| David King Vino | =2.32.1 | |
| David King Vino | =2.25.91 | |
| David King Vino | =2.23.92 | |
| David King Vino | =2.21.2 | |
| David King Vino | =2.11.1.2 | |
| David King Vino | =2.25.3 | |
| David King Vino | =2.31.91 | |
| David King Vino | =2.11.1 | |
| David King Vino | =2.18 | |
| David King Vino | =2.21.1 | |
| David King Vino | =2.10 | |
| David King Vino | =2.7.92 | |
| David King Vino | =2.7.91 | |
| David King Vino | =2.24.1 | |
| David King Vino | =2.7.4.91 | |
| David King Vino | =2.28.2 | |
| David King Vino | =3.1.90 | |
| David King Vino | =2.26.2 | |
| David King Vino | =2.7.3.1 | |
| David King Vino | =2.19.92 | |
| David King Vino | =2.11.92 | |
| David King Vino | =2.11 | |
| David King Vino | =2.99.2 | |
| David King Vino | =2.25.92 | |
| David King Vino | =3.0.0 | |
| David King Vino | =2.20.1 | |
| David King Vino | =2.27.90 | |
| David King Vino | =2.27 | |
| David King Vino | =3.1.1 | |
| David King Vino | =2.31.4 | |
| David King Vino | =2.16 | |
| David King Vino | =3.1 | |
| David King Vino | =2.8.1 | |
| David King Vino | =2.7.3 | |
| David King Vino | =2.7.4 | |
| David King Vino | =2.13.5 | |
| David King Vino | =2.24 | |
| David King Vino | =2.11.1.1 | |
| David King Vino | =3.1.91 | |
| David King Vino | =0.14 | |
| David King Vino | =2.11.90 | |
| David King Vino | =2.28.1 | |
| David King Vino | =2.7.4.90 | |
| David King Vino | =2.23.91 | |
| David King Vino | =2.26 | |
| David King Vino | =2.99.0 | |
| David King Vino | =2.8.0.1 | |
| David King Vino | =2.17.4 | |
| David King Vino | =2.99.3 | |
| David King Vino | =2.99.1 | |
| David King Vino | =2.25.4 | |
| David King Vino | =2.27.92 | |
| David King Vino | =3.1.2 | |
| David King Vino | =2.14 | |
| David King Vino | =2.9 | |
| David King Vino | =2.13 | |
| David King Vino | =2.7.90 | |
| David King Vino | =2.21 | |
| David King Vino | =2.28.3 | |
| David King Vino | =0.12 | |
| David King Vino | =2.26.1 | |
| David King Vino | =2.28 | |
| David King Vino | =2.17 | |
| David King Vino | =2.7 | |
| David King Vino | =3.0.3 | |
| David King Vino | =2.25.90 | |
| David King Vino | =2.9.2 | |
| David King Vino | =2.12 | |
| David King Vino | =2.21.91 | |
| David King Vino | =2.20 | |
| David King Vino | =3.1.3 | |
| David King Vino | =2.32.2 | |
| David King Vino | =2.21.3 | |
| David King Vino | =2.17.5 | |
| David King Vino | =3.0.2 | |
| David King Vino | =2.25 | |
| David King Vino | =2.27.91 | |
| David King Vino | =2.8.0 | |
| David King Vino | =2.8 | |
| David King Vino | =2.25.5 | |
| David King Vino | =2.22.2 | |
| David King Vino | =2.21.90 | |
| David King Vino | =2.18.1 | |
| David King Vino | =2.99.5 | |
| David King Vino | =3.1.4 | |
| David King Vino | =2.17.2 | |
| David King Vino | =2.99.4 | |
| David King Vino | =2.22.1 | |
| David King Vino | =2.23.90 | |
| David King Vino | =2.19.90 | |
| David King Vino | <=3.1.92 | |
| David King Vino | =2.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.gnome.org/show_bug.cgi?id=594521
- http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40
- http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566
- https://bugzilla.redhat.com/show_bug.cgi?id=678846
- http://rhn.redhat.com/errata/RHSA-2013-0169.html
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=479752
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=479752&action=edit
- https://rhn.redhat.com/errata/RHSA-2013-0169.html
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1165
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/remedy
- agent/weakness
- agent/description
- agent/event
- agent/tags
- agent/trending
- vendor/david king
- canonical/david king vino
- version/david king vino/2.23.5
- version/david king vino/2.21.92
- version/david king vino/2.23
- version/david king vino/2.17.92
- version/david king vino/2.19.5
- version/david king vino/3.1.5
- version/david king vino/2.32.0
- version/david king vino/2.19
- version/david king vino/2.27.5
- version/david king vino/3.0.1
- version/david king vino/2.22
- version/david king vino/2.32.1
- version/david king vino/2.25.91
- version/david king vino/2.23.92
- version/david king vino/2.21.2
- version/david king vino/2.11.1.2
- version/david king vino/2.25.3
- version/david king vino/2.31.91
- version/david king vino/2.11.1
- version/david king vino/2.18
- version/david king vino/2.21.1
- version/david king vino/2.10
- version/david king vino/2.7.92
- version/david king vino/2.7.91
- version/david king vino/2.24.1
- version/david king vino/2.7.4.91
- version/david king vino/2.28.2
- version/david king vino/3.1.90
- version/david king vino/2.26.2
- version/david king vino/2.7.3.1
- version/david king vino/2.19.92
- version/david king vino/2.11.92
- version/david king vino/2.11
- version/david king vino/2.99.2
- version/david king vino/2.25.92
- version/david king vino/3.0.0
- version/david king vino/2.20.1
- version/david king vino/2.27.90
- version/david king vino/2.27
- version/david king vino/3.1.1
- version/david king vino/2.31.4
- version/david king vino/2.16
- version/david king vino/3.1
- version/david king vino/2.8.1
- version/david king vino/2.7.3
- version/david king vino/2.7.4
- version/david king vino/2.13.5
- version/david king vino/2.24
- version/david king vino/2.11.1.1
- version/david king vino/3.1.91
- version/david king vino/0.14
- version/david king vino/2.11.90
- version/david king vino/2.28.1
- version/david king vino/2.7.4.90
- version/david king vino/2.23.91
- version/david king vino/2.26
- version/david king vino/2.99.0
- version/david king vino/2.8.0.1
- version/david king vino/2.17.4
- version/david king vino/2.99.3
- version/david king vino/2.99.1
- version/david king vino/2.25.4
- version/david king vino/2.27.92
- version/david king vino/3.1.2
- version/david king vino/2.14
- version/david king vino/2.9
- version/david king vino/2.13
- version/david king vino/2.7.90
- version/david king vino/2.21
- version/david king vino/2.28.3
- version/david king vino/0.12
- version/david king vino/2.26.1
- version/david king vino/2.28
- version/david king vino/2.17
- version/david king vino/2.7
- version/david king vino/3.0.3
- version/david king vino/2.25.90
- version/david king vino/2.9.2
- version/david king vino/2.12
- version/david king vino/2.21.91
- version/david king vino/2.20
- version/david king vino/3.1.3
- version/david king vino/2.32.2
- version/david king vino/2.21.3
- version/david king vino/2.17.5
- version/david king vino/3.0.2
- version/david king vino/2.25
- version/david king vino/2.27.91
- version/david king vino/2.8.0
- version/david king vino/2.8
- version/david king vino/2.25.5
- version/david king vino/2.22.2
- version/david king vino/2.21.90
- version/david king vino/2.18.1
- version/david king vino/2.99.5
- version/david king vino/3.1.4
- version/david king vino/2.17.2
- version/david king vino/2.99.4
- version/david king vino/2.22.1
- version/david king vino/2.23.90
- version/david king vino/2.19.90
- version/david king vino/3.1.92
- version/david king vino/2.15