tags 672435 security thanks On Fri, 11 May 2012 11:12:46 +0900 Ryo IGARASHI <rigar...@gmail.com> wrote: > Today I found that the option -localhost does not restrict ipv6 access to > ::1(localhost). > Looking at the -localhost option section of 'man x11vnc', the ipv6 access > seems to > be restricted to ::1 (loopback) as well. However, the output of 'netstat -ln' > shows: > > $ netstat -ln > Proto Recv-Q Send-Q Local Address Foreign Address State > ... > tcp6 0 0 :::5900 :::* LISTEN > ...
I've just verified that bug with the current version in jessie. x11vnc -localhost -create netstat -lntp | grep 5900 tcp 0 0 127.0.0.1:5900 0.0.0.0:* LISTEN - tcp6 0 0 :::5900 :::* LISTEN - The manpage states -localhost [...] IPv6: if IPv6 is supported, this option automatically implies the IPv6 loopback address '::1' as well. This bug should be treated as a SECURITY relevant bug. Offering VNC services on the network interface while claiming that it is only accessible via loopback is really bad. Thomas
