X11 6.6.2_x86: VNC Viewer patch.
Date this patch was last updated by Sun : Jan/05/09

The remote host is affected by the vulnerability described in GLSA-200903-17 (Real VNC: User-assisted execution of arbitrary code)

    An unspecified vulnerability has been discovered int the     CMsgReader::readRect() function in the VNC Viewer component, related to     the encoding type of RFB protocol data.
  Impact :

    A remote attacker could entice a user to connect to a malicious VNC     server, or leverage Man-in-the-Middle attacks, to cause the execution     of arbitrary code with the privileges of the user running the VNC     viewer.
  Workaround :

    There is no known workaround at this time.

Update to 4.1.3 maintenance release which contains fix for CVE-2008-4770

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated vnc packages to correct a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Virtual Network Computing (VNC) is a remote display system which allows you to view a computer's 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

An insufficient input validation flaw was discovered in the VNC client application, vncviewer. If an attacker could convince a victim to connect to a malicious VNC server, or when an attacker was able to connect to vncviewer running in the 'listen' mode, the attacker could cause the victim's vncviewer to crash or, possibly, execute arbitrary code. (CVE-2008-4770)

Users of vncviewer should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all running instances of vncviewer must be restarted after the update is installed.

X11 6.6.2: VNC Viewer patch.
Date this patch was last updated by Sun : Jan/05/09

The version of RealVNC's VNC Viewer installed on the remote Windows host is affected by multiple issues :

  - An error in the 'CMsgReader::readRect()' function in     'common/rfb/CMsgReader.cxx' that comes into play when     processing encoding types, may allow arbitrary code     execution on the remote system. If an attacker can trick     a user on the remote host into connecting to a malicious     server, he can exploit this issue using specially     crafted     messages to compromise that host.

  - By tricking a user to connect to a malicious VNC server,     it may be possible for an attacker to execute arbitrary     code on a remote system by sending malicious RFB     protocol     data to the remote VNC Viewer component. Note VNC     servers     are not affected by this issue.

An insufficient input validation flaw was discovered in the VNC client application, vncviewer. If an attacker could convince a victim to connect to a malicious VNC server, or when an attacker was able to connect to vncviewer running in the 'listen' mode, the attacker could cause the victim's vncviewer to crash or, possibly, execute arbitrary code. (CVE-2008-4770)

For the update to take effect, all running instances of vncviewer must be restarted after the update is installed.

It was discovered that xvnc4viewer, a virtual network computing client software for X, is prone to an integer overflow via a malicious encoding value that could lead to arbitrary code execution.

From Red Hat Security Advisory 2009:0261 :

Updated vnc packages to correct a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Virtual Network Computing (VNC) is a remote display system which allows you to view a computer's 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

An insufficient input validation flaw was discovered in the VNC client application, vncviewer. If an attacker could convince a victim to connect to a malicious VNC server, or when an attacker was able to connect to vncviewer running in the 'listen' mode, the attacker could cause the victim's vncviewer to crash or, possibly, execute arbitrary code. (CVE-2008-4770)

Users of vncviewer should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all running instances of vncviewer must be restarted after the update is installed.

ID	Name	Product	Family	Published	Updated	Severity
108021	Solaris 10 (x86) : 140456-01	Nessus	Solaris Local Security Checks	3/12/2018	1/14/2021	critical
35815	GLSA-200903-17 : Real VNC: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	3/10/2009	1/6/2021	critical
36322	Fedora 10 : vnc-4.1.3-1.fc10 (2009-0991)	Nessus	Fedora Local Security Checks	4/23/2009	1/11/2021	critical
35651	CentOS 3 / 4 : vnc (CESA-2009:0261)	Nessus	CentOS Local Security Checks	2/12/2009	1/4/2021	critical
107523	Solaris 10 (sparc) : 140455-01	Nessus	Solaris Local Security Checks	3/12/2018	1/14/2021	critical
34461	RealVNC VNC Viewer < 4.1.3/4.4.3 Arbitrary Command Execution	Nessus	Windows	10/21/2008	11/15/2018	high
60535	Scientific Linux Security Update : vnc on SL3.x, SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	critical
35654	RHEL 3 / 4 / 5 : vnc (RHSA-2009:0261)	Nessus	Red Hat Local Security Checks	2/12/2009	1/14/2021	critical
35567	Debian DSA-1716-1 : vnc4 - integer overflow	Nessus	Debian Local Security Checks	2/2/2009	1/4/2021	critical
67799	Oracle Linux 3 / 4 / 5 : vnc (ELSA-2009-0261)	Nessus	Oracle Linux Local Security Checks	7/12/2013	1/14/2021	critical
35465	Fedora 9 : vnc-4.1.3-1.fc9 (2009-1001)	Nessus	Fedora Local Security Checks	1/27/2009	1/11/2021	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

high

critical

critical

critical

critical

critical