GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Mar 09, 2009 8:26 pm Post subject: [ GLSA 200903-17 ] Real VNC: User-assisted execution of arbi
Gentoo Linux Security Advisory
Title: Real VNC: User-assisted execution of arbitrary code (GLSA 200903-17)
Severity: normal
Exploitable: remote
Date: March 09, 2009
Bug(s): #255225
ID: 200903-17
Synopsis
The Real VNC client is vulnerable to execution of arbitrary code when
connecting to a malicious server.
Background
Real VNC is a remote desktop viewer display system.
Affected Packages
Package: net-misc/vnc
Vulnerable: < 4.1.3
Unaffected: >= 4.1.3
Architectures: All supported architectures
Description
An unspecified vulnerability has been discovered in the
CMsgReader::readRect() function in the VNC Viewer component, related to
the encoding type of RFB protocol data.
Impact
A remote attacker could entice a user to connect to a malicious VNC
server, or leverage Man-in-the-Middle attacks, to cause the execution
of arbitrary code with the privileges of the user running the VNC
viewer.
Workaround
There is no known workaround at this time.
Resolution
All Real VNC users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/vnc-4.1.3"
References
CVE-2008-4770
Last edited by GLSA on Thu Oct 03, 2013 4:28 am; edited 2 times in total
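The Description points at the encoding type read from RFB protocol data but leaves the flaw unspecified. As an added illustration (not RealVNC's code and not a reconstruction of the bug), the following shows how an RFB client can validate the 12-byte rectangle header of a FramebufferUpdate, including the server-supplied encoding type, before any decoder is selected. The function names, return codes, allow-list and sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Encoding types defined by the RFB protocol (RFC 6143, section 7.7). */
enum { ENC_RAW = 0, ENC_COPYRECT = 1, ENC_RRE = 2, ENC_HEXTILE = 5, ENC_ZRLE = 16 };

struct rfb_rect { uint16_t x, y, w, h; int32_t encoding; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int32_t be32s(const uint8_t *p) {
    uint32_t u = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return (int32_t)u;
}

/* Assumed allow-list: only the encodings this hypothetical client implements. */
static int encoding_supported(int32_t enc) {
    switch (enc) {
    case ENC_RAW: case ENC_COPYRECT: case ENC_RRE: case ENC_HEXTILE: case ENC_ZRLE:
        return 1;
    default:
        return 0; /* unknown values and unrequested (negative) pseudo-encodings */
    }
}

/* Parse one 12-byte FramebufferUpdate rectangle header.
 * Returns 0 if usable, -1 short buffer, -2 unsupported encoding,
 * -3 rectangle outside the fb_w x fb_h framebuffer. */
int parse_rect_header(const uint8_t *buf, size_t len,
                      uint16_t fb_w, uint16_t fb_h, struct rfb_rect *out) {
    if (len < 12) return -1;
    out->x = be16(buf);     out->y = be16(buf + 2);
    out->w = be16(buf + 4); out->h = be16(buf + 6);
    out->encoding = be32s(buf + 8);
    if (!encoding_supported(out->encoding)) return -2;
    if ((uint32_t)out->x + out->w > fb_w || (uint32_t)out->y + out->h > fb_h) return -3;
    return 0;
}

/* Constructed sample headers (not captured traffic). */
static const uint8_t SAMPLE_OK[12]      = {0,0, 0,0, 0,16, 0,16, 0,0,0,0};
static const uint8_t SAMPLE_BAD_ENC[12] = {0,0, 0,0, 0,16, 0,16, 0x7f,0xff,0xff,0xff};
static const uint8_t SAMPLE_PSEUDO[12]  = {0,0, 0,0, 0,16, 0,16, 0xff,0xff,0xff,0x11};
static const uint8_t SAMPLE_OOB[12]     = {0x03,0x20, 0,0, 0x01,0, 0,16, 0,0,0,0};

int main(void) {
    struct rfb_rect r;
    printf("ok=%d\n", parse_rect_header(SAMPLE_OK, 12, 1024, 768, &r));
    printf("bad_enc=%d\n", parse_rect_header(SAMPLE_BAD_ENC, 12, 1024, 768, &r));
    return 0;
}
```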