RHEL 7 : tigervnc and fltk (RHSA-2017:2000)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update for tigervnc and fltk is now available for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Virtual Network Computing (VNC) is a remote display system which
allows users to view a computing desktop environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. TigerVNC is a suite of
VNC servers and clients which allows users to connect to other
desktops running a VNC server.

FLTK (pronounced 'fulltick') is a cross-platform C++ GUI toolkit. It
provides modern GUI functionality without the bloat, and supports 3D
graphics via OpenGL and its built-in GLUT emulation.

The following packages have been upgraded to a later upstream version:
tigervnc (1.8.0), fltk (1.3.4). (BZ#1388620, BZ#1413598)

Security Fix(es) :

* A denial of service flaw was found in TigerVNC's Xvnc server. A
remote unauthenticated attacker could use this flaw to make Xvnc crash
by terminating the TLS handshake process early. (CVE-2016-10207)

* A double free flaw was found in the way TigerVNC handled ClientFence
messages. A remote, authenticated attacker could use this flaw to make
Xvnc crash by sending specially crafted ClientFence messages,
resulting in denial of service. (CVE-2017-7393)

* A missing input sanitization flaw was found in the way TigerVNC
handled credentials. A remote unauthenticated attacker could use this
flaw to make Xvnc crash by sending specially crafted usernames,
resulting in denial of service. (CVE-2017-7394)

* An integer overflow flaw was found in the way TigerVNC handled
ClientCutText messages. A remote, authenticated attacker could use
this flaw to make Xvnc crash by sending specially crafted
ClientCutText messages, resulting in denial of service.
(CVE-2017-7395)

* A buffer overflow flaw, leading to memory corruption, was found in
the TigerVNC viewer. A remote malicious VNC server could use this flaw
to crash the client vncviewer process, resulting in denial of service.
(CVE-2017-5581)

* A memory leak flaw was found in the way TigerVNC handled termination
of VeNCrypt connections. A remote unauthenticated attacker could
repeatedly send connection requests to the Xvnc server, causing it to
consume large amounts of memory resources over time, and ultimately
leading to a denial of service due to memory exhaustion.
(CVE-2017-7392)

* A memory leak flaw was found in the way TigerVNC handled client
connections. A remote unauthenticated attacker could repeatedly send
connection requests to the Xvnc server, causing it to consume large
amounts of memory resources over time, and ultimately leading to a
denial of service due to memory exhaustion. (CVE-2017-7396)

Additional Changes :

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section.

See also :

http://www.nessus.org/u?70a6f8bb
http://rhn.redhat.com/errata/RHSA-2017-2000.html
https://www.redhat.com/security/data/cve/CVE-2016-10207.html
https://www.redhat.com/security/data/cve/CVE-2017-5581.html
https://www.redhat.com/security/data/cve/CVE-2017-7392.html
https://www.redhat.com/security/data/cve/CVE-2017-7393.html
https://www.redhat.com/security/data/cve/CVE-2017-7394.html
https://www.redhat.com/security/data/cve/CVE-2017-7395.html
https://www.redhat.com/security/data/cve/CVE-2017-7396.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 102109

CVE ID: CVE-2016-10207
CVE-2017-5581
CVE-2017-7392
CVE-2017-7393
CVE-2017-7394
CVE-2017-7395
CVE-2017-7396
