|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA19513] Ultr
VNC Buffer Overflow Vulnerabilities
From: Secunia Security Advisories (sec-advsecunia.com)
Date: Wed Apr 05 2006 - 04:47:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
UltrVNC Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA19513
VERIFY ADVISORY:
http://secunia.com/advisories/19513/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
UltrVNC 1.x
http://secunia.com/product/2836/
DESCRIPTION:
Luigi Auriemma has reported two vulnerabilities in UltrVNC, which
can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
1) A boundary error exists in the "Log::ReallyPrint()" client
function when logging replies received from a VNC server during
login. This can be exploited to cause a buffer overflow on a client
system via a "connection failed" error response with an overly long
string.
Successful exploitation may allow execution of arbitrary code on a
client system when e.g. connecting to a malicious VNC server.
2) A boundary error in the "VNCLog::ReallyPrint()" function when
logging information can be exploited to cause a buffer overflow. This
may crash the VNC service or allow execution of arbitrary code.
Successful exploitation requires that an administrative user has
changed the default "Log debug infos to the WinVNC.log file" setting
in the configuration. Systems are still vulnerable even when this
setting has been changed back to the default state.
The vulnerabilities have been reported in version 1.0.1. Other
versions may also be affected.
SOLUTION:
A patch will reportedly be released in the next weeks.
PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma
ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/uvncbof-adv.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]