CVE-2006-2369

Publication date 15 May 2006

Last updated 24 July 2024

Ubuntu priority

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
vnc4	7.04 feisty	Fixed 4.1.1+xorg1.0.2-0ubuntu4
	6.10 edgy	Fixed 4.1.1+xorg1.0.2-0ubuntu1.6.10.1
	6.06 LTS dapper	Fixed 4.1.1+xorg1.0.2-0ubuntu1.6.06

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2006-2369