Bug 756841 (CVE-2020-29074)

Summary:	<x11-misc/x11vnc-0.9.16-r4: Insecure permissions on shm (CVE-2020-29074)
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	alexander, proxy-maint
Priority:	Normal	Flags:	nattka: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
See Also:	https://github.com/gentoo/gentoo/pull/18432 https://github.com/gentoo/gentoo/pull/18797
Whiteboard:	B3 [noglsa cve]
Package list:	x11-misc/x11vnc-0.9.16-r4	Runtime testing required:	---

Description Sam James archtester

2020-11-26 16:39:45 UTC

"scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user."

Patch linked.

Comment 1 Sam James archtester

2020-11-26 16:40:19 UTC

Please apply the linked patch. Thanks!

Comment 2 Larry the Git Cow gentoo-dev

2020-12-07 07:36:34 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10d026e0af2445f2a4b6f922486795ede8ef4907

commit 10d026e0af2445f2a4b6f922486795ede8ef4907
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-11-27 16:50:50 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-12-07 07:34:45 +0000

    x11-misc/x11vnc: security bump for CVE-2020-29074
    
    Bug: https://bugs.gentoo.org/756841
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/18432
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 .../files/x11vnc-0.9.16-CVE-2020-29074.patch       | 25 +++++++
 x11-misc/x11vnc/x11vnc-0.9.16-r4.ebuild            | 81 ++++++++++++++++++++++
 2 files changed, 106 insertions(+)

Comment 3 John Helmert III archtester

2020-12-07 07:43:00 UTC

Please let us know when ready to stable.

Comment 4 Alexander Tsoy 2020-12-07 16:13:48 UTC

Please go ahead.

Comment 5 Rolf Eike Beer archtester

2020-12-10 19:26:29 UTC

sparc stable

Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev

2020-12-10 21:42:36 UTC

x86 stable

Comment 7 Sam James archtester

2020-12-11 22:10:09 UTC

arm done

Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev

2020-12-11 23:24:07 UTC

ppc/ppc64 stable

Comment 9 Sam James archtester

2020-12-15 10:35:29 UTC

amd64 done

Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev

2020-12-23 22:48:26 UTC

hppa stable

Last arch. Closing.

Comment 11 Sam James archtester

2020-12-23 22:49:24 UTC

Please cleanup, thanks!

Comment 12 Larry the Git Cow gentoo-dev

2020-12-26 20:54:44 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=247076038706da75eea7ecc2ba423b87cd0eead0

commit 247076038706da75eea7ecc2ba423b87cd0eead0
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-12-23 22:53:30 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-12-26 20:54:19 +0000

    x11-misc/x11vnc: security cleanup
    
    Bug: https://bugs.gentoo.org/756841
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/18797
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 x11-misc/x11vnc/x11vnc-0.9.16-r2.ebuild | 75 -------------------------------
 x11-misc/x11vnc/x11vnc-0.9.16-r3.ebuild | 80 ---------------------------------
 2 files changed, 155 deletions(-)

Comment 13 Sam James archtester

2020-12-26 21:00:27 UTC

Thanks!

Comment 14 Thomas Deutschmann (RETIRED) gentoo-dev

2021-05-24 13:59:43 UTC

GLSA Vote: No

Repository is clean, all done!