Posted: Mon Mar 09, 2009 8:26 pm Post subject: [ GLSA 200903-17 ] Real VNC: User-assisted execution of arbi
Gentoo Linux Security Advisory
Title: Real VNC: User-assisted execution of arbitrary code (GLSA 200903-17)
Date: March 09, 2009
The Real VNC client is vulnerable to execution of arbitrary code when
connecting to a malicious server.
Real VNC is a remote desktop viewer display system.
Vulnerable: < 4.1.3
Unaffected: >= 4.1.3
Architectures: All supported architectures
An unspecified vulnerability has been discovered in the
CMsgReader::readRect() function in the VNC Viewer component, related to
the encoding type of RFB protocol data.
A remote attacker could entice a user to connect to a malicious VNC
server, or leverage Man-in-the-Middle attacks, to cause the execution
of arbitrary code with the privileges of the user running the VNC
There is no known workaround at this time.
All Real VNC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/vnc-4.1.3"
Last edited by GLSA on Thu Oct 03, 2013 4:28 am; edited 2 times in total
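
The advisory leaves the flaw unspecified beyond tying it to the encoding type handled in CMsgReader::readRect(). The following is an added example, not RealVNC's code and not a reconstruction of the bug: a general defensive check a viewer can apply to the server-supplied encoding field of an RFB rectangle header before dispatching to a decoder. The names rfb_check_rect and decode_stub are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Encoding numbers defined by the RFB protocol. */
enum { ENC_RAW = 0, ENC_COPYRECT = 1, ENC_RRE = 2, ENC_HEXTILE = 5, ENC_ZRLE = 16 };
#define ENC_MAX 16
typedef struct { uint16_t x, y, w, h; int32_t encoding; } rfb_rect;
typedef int (*decoder_fn)(const rfb_rect *);
/* Hypothetical stub; a real viewer would decode pixel data here. */
static int decode_stub(const rfb_rect *r) { (void)r; return 0; }
/* Dispatch table indexed by encoding; unsupported slots stay NULL. */
static const decoder_fn decoders[ENC_MAX + 1] = {
    [ENC_RAW] = decode_stub, [ENC_COPYRECT] = decode_stub, [ENC_RRE] = decode_stub,
    [ENC_HEXTILE] = decode_stub, [ENC_ZRLE] = decode_stub,
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int32_t be32(const uint8_t *p) {
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3]);
}

/* Validate one 12-byte rectangle header from the server, then dispatch.
 * Returns 0 accepted, -1 truncated, -2 bad encoding, -3 outside framebuffer. */
int rfb_check_rect(const uint8_t *buf, size_t len, uint16_t fb_w, uint16_t fb_h,
                   rfb_rect *out) {
    if (len < 12) return -1;
    out->x = be16(buf);     out->y = be16(buf + 2);
    out->w = be16(buf + 4); out->h = be16(buf + 6);
    out->encoding = be32(buf + 8);
    /* Range-check the signed value before it is ever used as an index.
     * Pseudo-encodings (negative numbers) are not handled here and are rejected. */
    if (out->encoding < 0 || out->encoding > ENC_MAX) return -2;
    if (decoders[out->encoding] == NULL) return -2;
    /* Widen before adding so x + w cannot wrap in 16 bits. */
    if ((uint32_t)out->x + out->w > fb_w || (uint32_t)out->y + out->h > fb_h) return -3;
    return decoders[out->encoding](out);
}

/* Constructed sample headers (not captured traffic): x=0 y=0 w=16 h=16. */
static const uint8_t sample_ok[12]  = {0,0, 0,0, 0,16, 0,16, 0,0,0,5};
static const uint8_t sample_bad[12] = {0,0, 0,0, 0,16, 0,16, 0x7f,0xff,0xff,0xff};

int main(void) {
    rfb_rect r;
    printf("hextile: %d\n", rfb_check_rect(sample_ok, 12, 640, 480, &r));
    printf("bogus:   %d\n", rfb_check_rect(sample_bad, 12, 640, 480, &r));
    return 0;
}
```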