CVE-2014-6055

MEDIUM

Description

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html

http://rhn.redhat.com/errata/RHSA-2015-0113.html

http://seclists.org/oss-sec/2014/q3/639

http://secunia.com/advisories/61506

http://www.debian.org/security/2014/dsa-3081

http://www.ocert.org/advisories/ocert-2014-007.html

http://www.openwall.com/lists/oss-security/2014/09/25/11

http://www.securityfocus.com/bid/70096

https://exchange.xforce.ibmcloud.com/vulnerabilities/96187

https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e

https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677

https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html

https://security.gentoo.org/glsa/201507-07

https://usn.ubuntu.com/4587-1/

https://www.kde.org/info/security/advisory-20140923-1.txt

Details

Source: MITRE

Published: 2014-09-30

Updated: 2020-10-23

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 141545 | Ubuntu 16.04 LTS : iTALC vulnerabilities (USN-4587-1) | Nessus | Ubuntu Local Security Checks | critical |
| 130408 | Debian DLA-1979-1 : italc security update | Nessus | Debian Local Security Checks | critical |
| 93990 | FreeBSD : libvncserver -- multiple security vulnerabilities (cb3f036d-8c7f-11e6-924a-60a44ce6887b) | Nessus | FreeBSD Local Security Checks | high |
| 87721 | SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2015:2088-2) | Nessus | SuSE Local Security Checks | high |
| 87389 | openSUSE Security Update : LibVNCServer (openSUSE-2015-851) | Nessus | SuSE Local Security Checks | high |
| 87105 | SUSE SLED11 / SLES11 Security Update : LibVNCServer (SUSE-SU-2015:2110-1) | Nessus | SuSE Local Security Checks | high |
| 87064 | SUSE SLED12 / SLES12 Security Update : LibVNCServer (SUSE-SU-2015:2088-1) | Nessus | SuSE Local Security Checks | high |
| 84606 | GLSA-201507-07 : LibVNCServer: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 82784 | Debian DLA-197-1 : libvncserver security update | Nessus | Debian Local Security Checks | high |
| 82399 | Mandriva Linux Security Advisory : libvncserver (MDVSA-2015:146) | Nessus | Mandriva Local Security Checks | high |
| 81143 | RHEL 6 : libvncserver (RHSA-2015:0113) | Nessus | Red Hat Local Security Checks | high |
| 79629 | Debian DSA-3081-1 : libvncserver - security update | Nessus | Debian Local Security Checks | high |
| 79589 | Mandriva Linux Security Advisory : libvncserver (MDVSA-2014:229) | Nessus | Mandriva Local Security Checks | high |
| 79230 | Scientific Linux Security Update : libvncserver on SL6.x, SL7.x i386/x86_64 (20141111) | Nessus | Scientific Linux Local Security Checks | high |
| 79229 | Scientific Linux Security Update : kdenetwork on SL7.x x86_64 (20141111) | Nessus | Scientific Linux Local Security Checks | medium |
| 79219 | CentOS 7 : kdenetwork (CESA-2014:1827) | Nessus | CentOS Local Security Checks | medium |
| 79203 | RHEL 7 : kdenetwork (RHSA-2014:1827) | Nessus | Red Hat Local Security Checks | medium |
| 79202 | RHEL 6 / 7 : libvncserver (RHSA-2014:1826) | Nessus | Red Hat Local Security Checks | high |
| 79200 | Oracle Linux 7 : kdenetwork (ELSA-2014-1827) | Nessus | Oracle Linux Local Security Checks | medium |
| 79199 | Oracle Linux 6 / 7 : libvncserver (ELSA-2014-1826) | Nessus | Oracle Linux Local Security Checks | high |
| 79188 | CentOS 6 / 7 : libvncserver (CESA-2014:1826) | Nessus | CentOS Local Security Checks | high |
| 78095 | Fedora 19 : krfb-4.11.5-4.fc19 (2014-11464) | Nessus | Fedora Local Security Checks | high |
| 78053 | Fedora 19 : libvncserver-0.9.10-0.6.20140718git9453be42.fc19 (2014-11541) | Nessus | Fedora Local Security Checks | high |
| 78000 | Fedora 21 : libvncserver-0.9.10-0.6.20140718git9453be42.fc21 (2014-11685) | Nessus | Fedora Local Security Checks | high |
| 77982 | Ubuntu 12.04 LTS / 14.04 LTS : libvncserver vulnerabilities (USN-2365-1) | Nessus | Ubuntu Local Security Checks | high |
| 77942 | Fedora 20 : libvncserver-0.9.10-0.6.20140718git9453be42.fc20 (2014-11537) | Nessus | Fedora Local Security Checks | high |
| 77837 | FreeBSD : krfb -- Multiple security issues in bundled libvncserver (fb25333d-442f-11e4-98f3-5453ed2e2b49) | Nessus | FreeBSD Local Security Checks | medium |