Re: [Xf4vnc-devel] [Thinstation-developer] [Fwd: Re: Xorg VNC Bug (was Xorg VNC Is Insecur e)]
Brought to you by:
alanh
From: Mike E. <thi...@gm...> - 2006-07-25 12:03:00
|
On 7/25/06, Miles Roper <mr...@xt...> wrote: > > its xorgvnc (inbult vnc server module in xorg) which is causing problem, > not real vnc. Ah! Got that wrong... Mike Mike Eriksen wrote: > On 7/25/06, Miles Roper <mr...@xt...> wrote: > >> > >> just passing on the below bug report > >> > >> -------- Original Message -------- > >> Subject: Re: [Thinstation-developer] Xorg VNC Bug (was Xorg VNC Is > >> Insecur e) > >> Date: Tue, 25 Jul 2006 09:51:18 +0100 > >> From: Beaumont, Kevin <kev...@pr...> > >> To: thi...@li... > >> > >> Confirmed - 2.2rc4. Getting VNC password wrong remotely 5 times causes > X > >> to > >> die. It's a denial of service issue, don't have time to investigate > why > >> it's happening though - probably a bug in the xvncserver I'd say. > > > > > > I mistook a rc1 boot CD for being a rc4, starting up in icewm. Starting > > vncviewer from the desktop icon. No problem here. After 6 or 7 (more > > than 5) > > the server responds in a dialog box "Too many security failures". Ther > > server is a win2k, running RealVNC 4.1.1. > > > > Mike > > > > > > > > > > -----Original Message----- > >> From: thi...@li... > >> [mailto:thi...@li...] On Behalf > Of > >> Jeremy Parrish > >> Sent: 25 July 2006 03:58 > >> To: thi...@li... > >> Subject: Re: [Thinstation-developer] Xorg VNC Bug (was Xorg VNC Is > >> Insecure) > >> > >> Sorry if I'm pestering... but has anyone NOT been able to kill X on a > >> ThinStation by giving vnc the wrong password 5 times? I'd like to know > >> if I need to keep digging for the cause of this in my own build or if > >> it's an issue for everyone. > >> > >> Thanks, > >> > >> Jeremy > >> > >> On 7/18/06, Jeremy Parrish <p.e...@gm...> wrote: > >> > Here is the relevant part of Xorg.0.log. Note that I was attempting > to > >> > login via the web vnc client (port 5800) when I did this, but it also > >> > behaves similarly when connecting via a "real" vnc client (port > 5900). > >> > > >> > Has anyone confirmed this? I hope it's just me, but I fear it's not. > >> > > >> > -Jeremy > >> > > >> > On 7/18/06, Jeremy Parrish <p.e...@gm...> wrote: > >> > > Speaking of VNC in ThinStation, I've just come across a seemingly > >> major > >> bug... > >> > > > >> > > If you type the wrong VNC password 5 times when trying to access a > >> > > client, it will kill the client's X session. That is a Bad Thing. > >> > > > >> > > Can someone else verify this in rc4? > >> > > > >> > > -Jeremy > >> > > > >> > > >> > > >> > > >> > >> > ------------------------------------------------------------------------- > >> Take Surveys. Earn Cash. Influence the Future of IT > >> Join SourceForge.net's Techsay panel and you'll get the chance to share > >> your > >> opinions on IT & business topics through brief surveys -- and earn cash > >> > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > >> _______________________________________________ > >> Thinstation-developer mailing list > >> Thi...@li... > >> https://lists.sourceforge.net/lists/listinfo/thinstation-developer > >> > >> > >> > ************************************************************************************** > >> > >> The information contained in this e-mail is private and confidential, > may > >> be legally privileged and/or protected by law and it is intended only > for > >> the use of the addressee. > >> Any liability (in negligence or otherwise) arising from any third party > >> taking any action or refraining from taking any action on any of the > >> information contained in this e-mail is hereby excluded. If you are not > >> the intended recipient please notify the sender immediately. > >> Do not disclose the contents to any other person store or copy the > >> information in any medium or use it for any purpose whatsoever. > >> Copyright in this e-mail and any attachment created by us belongs to > this > >> company and we assert the right to be identified as such and object to > >> any > >> misuse. > >> Any contract concluded by means of e-mail communications is expressly > >> concluded subject to Princes Limited's current standard terms and > >> conditions. > >> A copy of these is available on request. > >> > >> > ************************************************************************************** > >> > >> > >> > ------------------------------------------------------------------------- > >> Take Surveys. Earn Cash. Influence the Future of IT > >> Join SourceForge.net's Techsay panel and you'll get the chance to share > >> your > >> opinions on IT & business topics through brief surveys -- and earn cash > >> > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > >> _______________________________________________ > >> Thinstation-developer mailing list > >> Thi...@li... > >> https://lists.sourceforge.net/lists/listinfo/thinstation-developer > >> > >> > >> > ------------------------------------------------------------------------- > >> Take Surveys. Earn Cash. Influence the Future of IT > >> Join SourceForge.net's Techsay panel and you'll get the chance to share > >> your > >> opinions on IT & business topics through brief surveys -- and earn cash > >> > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > >> _______________________________________________ > >> Thinstation-developer mailing list > >> Thi...@li... > >> https://lists.sourceforge.net/lists/listinfo/thinstation-developer > >> > > > > > > > > > > ------------------------------------------------------------------------ > > > > > ------------------------------------------------------------------------- > > Take Surveys. Earn Cash. Influence the Future of IT > > Join SourceForge.net's Techsay panel and you'll get the chance to share > your > > opinions on IT & business topics through brief surveys -- and earn cash > > > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Thinstation-developer mailing list > > Thi...@li... > > https://lists.sourceforge.net/lists/listinfo/thinstation-developer > > -- Thinstation FAQ maintainer http://thinstation.sourceforge.net - a light, full featured linux based thin client OS |