Package: vnc4server
Version: 4.1.1+X4.3.0-37
Severity: normal

A repeated bad login generates a blacklist against 0.0.0.0 - but it should be against the remote IP address. If a user then tries to connect from a different IP, they will find that they are blacklisted. A series of bad logins from any IP can then generate a DoS against vnc4server.

The vnc server log of connection attempts:

>Wed Aug 10 12:37:46 2011
> vncext: VNC extension running!
> vncext: Listening for VNC connections on port 5901
> vncext: created VNC server for screen 0
>error opening security policy file /etc/X11/xserver/SecurityPolicy
>Could not init font path element /usr/share/fonts/X11/cyrillic,
>removing from list!
>Could not init font path element built-ins, removing from list!
>
>Wed Aug 10 12:38:00 2011
> Connections: accepted: 0.0.0.0::51060
> SConnection: Client needs protocol version 3.8
> SConnection: Client requests security type VncAuth(2)
> SConnection: AuthFailureException: Authentication failure
> Connections: closed: 0.0.0.0::51060 (Authentication failure)
>
>Wed Aug 10 12:38:02 2011
> Connections: accepted: 0.0.0.0::51061
>
>Wed Aug 10 12:38:03 2011
> SConnection: Client needs protocol version 3.8
> SConnection: Client requests security type VncAuth(2)
> SConnection: AuthFailureException: Authentication failure
> Connections: closed: 0.0.0.0::51061 (Authentication failure)
> Connections: accepted: 0.0.0.0::51062
>
>Wed Aug 10 12:38:04 2011
> SConnection: Client needs protocol version 3.8
> SConnection: Client requests security type VncAuth(2)
> SConnection: AuthFailureException: Authentication failure
> Connections: closed: 0.0.0.0::51062 (Authentication failure)
> Connections: accepted: 0.0.0.0::51063
> SConnection: Client needs protocol version 3.8
> SConnection: Client requests security type VncAuth(2)
> SConnection: AuthFailureException: Authentication failure
> Connections: closed: 0.0.0.0::51063 (Authentication failure)
>
>Wed Aug 10 12:38:05 2011
> Connections: accepted: 0.0.0.0::51064
> SConnection: Client needs protocol version 3.8
> SConnection: Client requests security type VncAuth(2)
> SConnection: AuthFailureException: Authentication failure
> Connections: closed: 0.0.0.0::51064 (Authentication failure)
>
>Wed Aug 10 12:38:06 2011
> Connections: blacklisted: 0.0.0.0
>
>Wed Aug 10 12:38:07 2011
> Connections: blacklisted: 0.0.0.0
>
>Wed Aug 10 12:38:08 2011
> Connections: blacklisted: 0.0.0.0
>
>Wed Aug 10 12:38:10 2011
> Connections: blacklisted: 0.0.0.0
>

Comes from a different IP Address, but is blacklisted anyway!

>Wed Aug 10 12:38:14 2011
> Connections: blacklisted: 0.0.0.0

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (900, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vnc4server depends on:
ii  libc6           2.11.2-10         Embedded GNU C Library: Shared lib
ii  libgcc1         1:4.4.5-8         GCC support library
ii  libstdc++6      4.4.5-8           The GNU Standard C++ Library v3
ii  libx11-6        2:1.3.3-4         X11 client-side library
ii  libxext6        2:1.1.2-1         X11 miscellaneous extension librar
ii  libxtst6        2:1.1.0-3         X11 Testing -- Record extension li
ii  x11-common      1:7.5+8           X Window System (X.Org) infrastruc
ii  xbase-clients   1:7.5+8           miscellaneous X clients - metapack
ii  xserver-common  2:1.7.7-13        common files used by various X ser
ii  zlib1g          1:1.2.3.4.dfsg-3  compression library - runtime

Versions of packages vnc4server recommends:
ii  xfonts-base     1:1.0.1           standard fonts for X

Versions of packages vnc4server suggests:
pn  vnc-java        <none>            (no description available)

-- debconf-show failed
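
A log check for the condition reported above, as an added example that is not part of the original report or of vnc4server: it parses `Connections:` lines in the format shown in the log and reports how many accept, close and blacklist events were recorded against the unspecified address instead of a real peer. The function names and the abridged sample are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Abridged from the server log quoted in the report above.
SAMPLE_LOG = """\
Wed Aug 10 12:38:00 2011
 Connections: accepted: 0.0.0.0::51060
 Connections: closed: 0.0.0.0::51060 (Authentication failure)
Wed Aug 10 12:38:05 2011
 Connections: accepted: 0.0.0.0::51064
 Connections: closed: 0.0.0.0::51064 (Authentication failure)
Wed Aug 10 12:38:06 2011
 Connections: blacklisted: 0.0.0.0
Wed Aug 10 12:38:14 2011
 Connections: blacklisted: 0.0.0.0
"""

# "accepted"/"closed" lines carry "<addr>::<port>"; "blacklisted" lines carry "<addr>" only.
EVENT = re.compile(
    r"Connections:\s+(accepted|closed|blacklisted):\s+(\S+?)(?:::\d+)?(?:\s|$)"
)


def parse_events(log_text):
    """Yield (event, address) for each Connections: line with a parseable IP."""
    for line in log_text.splitlines():
        m = EVENT.search(line.strip())
        if m is None:
            continue
        try:
            yield m.group(1), ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not an IP literal; skip rather than guess


def audit(log_text):
    """Summarise events logged against the unspecified address (0.0.0.0 or ::).

    blacklist_is_global is True when a blacklist entry is keyed on that address,
    i.e. the entry is not tied to any one client.
    """
    unspecified, real_peers = Counter(), set()
    for event, addr in parse_events(log_text):
        if addr.is_unspecified:
            unspecified[event] += 1
        else:
            real_peers.add(str(addr))
    return {
        "unspecified": dict(unspecified),
        "real_peers": sorted(real_peers),
        "blacklist_is_global": unspecified["blacklisted"] > 0,
    }
```

Calling `audit()` on the full server log gives the same summary; a server that logs real peer addresses yields an empty `unspecified` map and `blacklist_is_global` set to `False`.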