x11vnc: wrong permissions to shared memory (CVE-2020-29074)
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-29074
Patch:
https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
Affected branches:
-
master -
3.12-stable
Edited by Leo