Thread: Re: [Thinstation-developer] Xorg VNC Bug (was Xorg VNC Is Insecur e)
Brought to you by:
doncuppjr
From: Beaumont, K. <kev...@pr...> - 2006-07-25 08:57:11
|
Confirmed - 2.2rc4. Getting VNC password wrong remotely 5 times causes X to die. It's a denial of service issue, don't have time to investigate why it's happening though - probably a bug in the xvncserver I'd say. -----Original Message----- From: thi...@li... [mailto:thi...@li...] On Behalf Of Jeremy Parrish Sent: 25 July 2006 03:58 To: thi...@li... Subject: Re: [Thinstation-developer] Xorg VNC Bug (was Xorg VNC Is Insecure) Sorry if I'm pestering... but has anyone NOT been able to kill X on a ThinStation by giving vnc the wrong password 5 times? I'd like to know if I need to keep digging for the cause of this in my own build or if it's an issue for everyone. Thanks, Jeremy On 7/18/06, Jeremy Parrish <p.e...@gm...> wrote: > Here is the relevant part of Xorg.0.log. Note that I was attempting to > login via the web vnc client (port 5800) when I did this, but it also > behaves similarly when connecting via a "real" vnc client (port 5900). > > Has anyone confirmed this? I hope it's just me, but I fear it's not. > > -Jeremy > > On 7/18/06, Jeremy Parrish <p.e...@gm...> wrote: > > Speaking of VNC in ThinStation, I've just come across a seemingly major bug... > > > > If you type the wrong VNC password 5 times when trying to access a > > client, it will kill the client's X session. That is a Bad Thing. > > > > Can someone else verify this in rc4? > > > > -Jeremy > > > > > ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Thinstation-developer mailing list Thi...@li... https://lists.sourceforge.net/lists/listinfo/thinstation-developer ************************************************************************************** The information contained in this e-mail is private and confidential, may be legally privileged and/or protected by law and it is intended only for the use of the addressee. Any liability (in negligence or otherwise) arising from any third party taking any action or refraining from taking any action on any of the information contained in this e-mail is hereby excluded. If you are not the intended recipient please notify the sender immediately. Do not disclose the contents to any other person store or copy the information in any medium or use it for any purpose whatsoever. Copyright in this e-mail and any attachment created by us belongs to this company and we assert the right to be identified as such and object to any misuse. Any contract concluded by means of e-mail communications is expressly concluded subject to Princes Limited's current standard terms and conditions. A copy of these is available on request. ************************************************************************************** |