CVE-2020-29074

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
x11vnc_projectx11vnc
0.9.16
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
x11vnc
bullseye
0.9.16-7
fixed
bookworm
0.9.16-9
fixed
sid
0.9.16-10
fixed
trixie
0.9.16-10
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
x11vnc
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
ignored
focal
needed
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
https://lists.debian.org/debian-lts-announce/2020/12/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2FLWSVH32O6JXLRQBYDQLP7XRSTLUPQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MHVXHZE3YIP4RTWGQ24IDBSW44XPRDOC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZL6NQTNK5PT63D2JX5YVV5OLUL76S5C/
https://www.debian.org/security/2020/dsa-4799
https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
https://lists.debian.org/debian-lts-announce/2020/12/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2FLWSVH32O6JXLRQBYDQLP7XRSTLUPQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MHVXHZE3YIP4RTWGQ24IDBSW44XPRDOC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZL6NQTNK5PT63D2JX5YVV5OLUL76S5C/
https://www.debian.org/security/2020/dsa-4799