Amazon Linux AMI : tigervnc (ALAS-2015-576)

critical Nessus Plugin ID 85231

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute arbitrary code with the permissions of the user running it.

Solution

Run 'yum update tigervnc' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2015-576.html

Plugin Details

Severity: Critical

ID: 85231

File Name: ala_ALAS-2015-576.nasl

Version: 2.3

Type: local

Agent: unix

Published: 8/5/2015

Updated: 1/15/2020

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:tigervnc, p-cpe:/a:amazon:linux:tigervnc-debuginfo, p-cpe:/a:amazon:linux:tigervnc-server, p-cpe:/a:amazon:linux:tigervnc-server-module, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 8/4/2015

Vulnerability Publication Date: 1/2/2020

Reference Information

CVE: CVE-2014-0011

ALAS: 2015-576