Detections
Analytics

Amazon Linux AMI : tigervnc (ALAS-2015-576)

critical Nessus Plugin ID 85231

Language:

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute arbitrary code with the permissions of the user running it.

Solution

Run 'yum update tigervnc' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2015-576.html

Plugin Details

Severity: Critical

ID: 85231

File Name: ala_ALAS-2015-576.nasl

Version: 2.3

Type: local

Agent: unix

Published: 8/5/2015

Updated: 1/15/2020

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:tigervnc-server-module, p-cpe:/a:amazon:linux:tigervnc-debuginfo, p-cpe:/a:amazon:linux:tigervnc, p-cpe:/a:amazon:linux:tigervnc-server, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 8/4/2015

Vulnerability Publication Date: 1/2/2020

Reference Information

CVE: CVE-2014-0011

ALAS: 2015-576