CVE-2020-29074

NameCVE-2020-29074
Descriptionscan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2490-1, DSA-4799-1
NVD severitymedium
Debian Bugs975875

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
x11vnc (PTS)stretch0.9.13-2+deb9u1vulnerable
stretch (security)0.9.13-2+deb9u2fixed
buster, buster (security)0.9.13-6+deb10u1fixed
bookworm, sid, bullseye0.9.16-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
x11vncsourcestretch0.9.13-2+deb9u2DLA-2490-1
x11vncsourcebuster0.9.13-6+deb10u1DSA-4799-1
x11vncsource(unstable)0.9.16-5975875

Notes

https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a

Search for package or bug name: Reporting problems