Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5660

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-5660
Last Modified 07 Mar 2011 12:00:00
Published 17 Dec 2008 03:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5660

Summary

Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.

Vulnerable Systems

Application

  • Gnome Vinagre 0.5.0

  • Gnome Vinagre 0.5.1

  • Gnome Vinagre 2.23.1

  • Gnome Vinagre 2.23.2

  • Gnome Vinagre 2.23.3

  • Gnome Vinagre 2.23.3.1

  • Gnome Vinagre 2.23.4

  • Gnome Vinagre 2.23.90

  • Gnome Vinagre 2.23.91

  • Gnome Vinagre 2.23.92

  • Gnome Vinagre 2.24.0

  • Gnome Vinagre 2.24.1


References

FEDORA - FEDORA-2008-10941

FEDORA - FEDORA-2008-10932

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=475070

VUPEN - ADV-2008-3362

UBUNTU - USN-689-1

BUGTRAQ - 20081209 CORE-2008-1127 - Vinagre show_error() format string vulnerability

MILW0RM - 7401

MANDRIVA - MDVSA-2008:240

MISC - http://www.coresecurity.com/content/vinagre-format-string

SECUNIA - 33082

SECUNIA - 33046

SECUNIA - 33041


Last Updated: 27 May 2016 10:48:52