Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.5
CVE Id: CVE-2011-0905
Last Modified: 20 Feb 2014 11:40:34
Published: 10 May 2011 02:55:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2011-0905

Summary

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

Vulnerable Systems

Application

  • David King Vino 2.10

  • David King Vino 2.11

  • David King Vino 2.12

  • David King Vino 2.13

  • David King Vino 2.13.5

  • David King Vino 2.14

  • David King Vino 2.15

  • David King Vino 2.16

  • David King Vino 2.17

  • David King Vino 2.17.2

  • David King Vino 2.17.4

  • David King Vino 2.17.5

  • David King Vino 2.17.92

  • David King Vino 2.18

  • David King Vino 2.18.1

  • David King Vino 2.19

  • David King Vino 2.19.5

  • David King Vino 2.19.90

  • David King Vino 2.19.92

  • David King Vino 2.20

  • David King Vino 2.20.1

  • David King Vino 2.21

  • David King Vino 2.21.1

  • David King Vino 2.21.2

  • David King Vino 2.21.3

  • David King Vino 2.21.90

  • David King Vino 2.21.91

  • David King Vino 2.21.92

  • David King Vino 2.22

  • David King Vino 2.22.1

  • David King Vino 2.22.2

  • David King Vino 2.23

  • David King Vino 2.23.5

  • David King Vino 2.23.90

  • David King Vino 2.23.91

  • David King Vino 2.23.92

  • David King Vino 2.24

  • David King Vino 2.24.1

  • David King Vino 2.25

  • David King Vino 2.25.3

  • David King Vino 2.25.4

  • David King Vino 2.25.5

  • David King Vino 2.25.90

  • David King Vino 2.25.91

  • David King Vino 2.25.92

  • David King Vino 2.26

  • David King Vino 2.26.1

  • David King Vino 2.26.2

  • David King Vino 2.27

  • David King Vino 2.27.5

  • David King Vino 2.27.90

  • David King Vino 2.27.91

  • David King Vino 2.27.92

  • David King Vino 2.28

  • David King Vino 2.28.1

  • David King Vino 2.28.2

  • David King Vino 2.32.0

  • David King Vino 2.32.1

  • David King Vino 3.0.0

  • David King Vino 3.0.1

  • David King Vino 3.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=694456

CONFIRM - http://git.gnome.org/browse/vino/log/?h=gnome-2-30

CONFIRM - http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d

CONFIRM - http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4

CONFIRM - http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a

CONFIRM - http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279

CONFIRM - http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f

CONFIRM - http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0

CONFIRM - https://bugzilla.gnome.org/show_bug.cgi?id=641803

XF - vino-framebuffer-dos(67244)

VUPEN - ADV-2011-1144

UBUNTU - USN-1128-1

BID - 47681

MANDRIVA - MDVSA-2011:087

DEBIAN - DSA-2238

SECUNIA - 44463

SECUNIA - 44410

CONFIRM - http://git.gnome.org/browse/vino/tree/NEWS

CONFIRM - http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news

CONFIRM - http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news

CONFIRM - http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news

REDHAT - RHSA-2013:0169

SUSE - SUSE-SR:2011:009

Related Patches

Novell SUSE 2011:7531 vino security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 11:02:00