MidnightBSD

Advisories for libvncserver

CVE-2006-2450 HIGH

auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libvncserver libvncserver 0.7.1
CVE-2014-6051 HIGH

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
fedoraproject fedora 20
oracle solaris 11.3
redhat enterprise_linux_server_eus 6.5.z
fedoraproject fedora 21
libvncserver libvncserver *
debian debian_linux 7.0
redhat enterprise_linux_server_aus 6.5
CVE-2014-6052 HIGH

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
oracle solaris 11.3
libvncserver libvncserver *
debian debian_linux 7.0
CVE-2014-6053 MEDIUM

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
libvncserver libvncserver *
debian debian_linux 7.0
CVE-2014-6054 MEDIUM

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
libvncserver libvncserver *
debian debian_linux 7.0
CVE-2014-6055 MEDIUM

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 20
redhat enterprise_linux_server_eus 6.5.z
fedoraproject fedora 21
libvncserver libvncserver *
debian debian_linux 7.0
redhat enterprise_linux_server_aus 6.5