Executive Summary

Summary
Title Sun Alert 248526 A Security Vulnerability in the vncviewer(1) RFB Protocol Validation May Allow Execution of Arbitrary Code and Lead to a Denial of Service (DoS)
Informations
Name SUN-248526 First vendor Publication 2009-01-12
Vendor Sun Last vendor Modification 2009-01-12
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10 Operating System OpenSolaris

The VNC viewer for X (vncviewer(1)) contains a security vulnerability within the validation function for the server-supplied RFB protocol data that may allow a remote unprivileged user to execute arbitrary code with the privileges of the local user and crash the viewer.  The ability to crash the VNC viewer is a type of Denial of Service (DoS).

This issue is described in the following documents:



State: Resolved
First released: 12-Jan-2009
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-248526-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_248526_a_security

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13774
 
Oval ID: oval:org.mitre.oval:def:13774
Title: DSA-1716-1 vnc4 -- integer overflow
Description: It was discovered that xvnc4viewer, a virtual network computing client software for X, is prone to an integer overflow via a malicious encoding value that could lead to arbitrary code execution. For the stable distribution this problem has been fixed in version 4.1.1+X4.3.0-21+etch1. For the unstable distribution this problem has been fixed in version 4.1.1+X4.3.0-31. For the testing distribution this problem will be fixed soon. We recommend that you upgrade your vnc4 packages.
Family: unix Class: patch
Reference(s): DSA-1716-1
CVE-2008-4770
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): vnc4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22776
 
Oval ID: oval:org.mitre.oval:def:22776
Title: ELSA-2009:0261: vnc security update (Moderate)
Description: The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
Family: unix Class: patch
Reference(s): ELSA-2009:0261-01
CVE-2008-4770
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): vnc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29367
 
Oval ID: oval:org.mitre.oval:def:29367
Title: RHSA-2009:0261 -- vnc security update (Moderate)
Description: Updated vnc packages to correct a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:0261
CESA-2009:0261-CentOS 3
CVE-2008-4770
 Version: 3
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 3
 Product(s): vnc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7807
 
Oval ID: oval:org.mitre.oval:def:7807
Title: DSA-1716 vnc4 -- integer overflow
Description: It was discovered that xvnc4viewer, a virtual network computing client software for X, is prone to an integer overflow via a malicious encoding value that could lead to arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-1716
CVE-2008-4770
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): vnc4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9367
 
Oval ID: oval:org.mitre.oval:def:9367
Title: The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
Description: The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
Family: unix Class: vulnerability
Reference(s): CVE-2008-4770
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for vnc CESA-2009:0261 centos3 i386
File : nvt/gb_CESA-2009_0261_vnc_centos3_i386.nasl
2011-08-09 Name : CentOS Update for vnc CESA-2009:0261 centos4 i386
File : nvt/gb_CESA-2009_0261_vnc_centos4_i386.nasl
2009-03-13 Name : Gentoo Security Advisory GLSA 200903-17 (vnc)
File : nvt/glsa_200903_17.nasl
2009-02-13 Name : RedHat Security Advisory RHSA-2009:0261
File : nvt/RHSA_2009_0261.nasl
2009-02-13 Name : CentOS Security Advisory CESA-2009:0261 (vnc)
File : nvt/ovcesa2009_0261.nasl
2009-02-02 Name : Debian Security Advisory DSA 1716-1 (vnc4)
File : nvt/deb_1716_1.nasl
2009-02-02 Name : Fedora Core 10 FEDORA-2009-0991 (vnc)
File : nvt/fcore_2009_0991.nasl
2009-02-02 Name : Fedora Core 9 FEDORA-2009-1001 (vnc)
File : nvt/fcore_2009_1001.nasl
2008-10-29 Name : RealVNC VNC Viewer Remote Code Execution Vulnerability (Linux)
File : nvt/secpod_realvnc_remote_code_exe_vuln_lin_900163.nasl
2008-10-29 Name : RealVNC VNC Viewer Remote Code Execution Vulnerability (Win)
File : nvt/secpod_realvnc_remote_code_exe_vuln_win_900162.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50050 RealVNC VNC Viewer common/rfb/CMsgReader.cxx CMsgReader::readRect() Function ...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0261.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090211_vnc_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-0991.nasl - Type : ACT_GATHER_INFO
2009-03-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200903-17.nasl - Type : ACT_GATHER_INFO
2009-02-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0261.nasl - Type : ACT_GATHER_INFO
2009-02-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0261.nasl - Type : ACT_GATHER_INFO
2009-02-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1716.nasl - Type : ACT_GATHER_INFO
2009-01-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-1001.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 140455-03
File : solaris10_140455.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 140456-03
File : solaris10_x86_140456.nasl - Type : ACT_GATHER_INFO
2008-10-21 Name : The remote Windows host has an application that may allow execution of arbitr...
File : realvnc_4_1_3.nasl - Type : ACT_GATHER_INFO