Mandriva Linux Security Advisory : vino (MDVSA-2011:087)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Multiple vulnerabilities has been found and corrected in vino :

The rfbSendFramebufferUpdate function in
server/libvncserver/rfbserver.c in vino-server in Vino 2.x before
2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before
3.1.1, when raw encoding is used, allows remote authenticated users to
cause a denial of service (daemon crash) via a large (1) X position or
(2) Y position value in a framebuffer update request that triggers an
out-of-bounds memory access, related to the rfbTranslateNone and
rfbSendRectEncodingRaw functions (CVE-2011-0904).

The rfbSendFramebufferUpdate function in
server/libvncserver/rfbserver.c in vino-server in Vino 2.x before
2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before
3.1.1, when tight encoding is used, allows remote authenticated users
to cause a denial of service (daemon crash) via crafted dimensions in
a framebuffer update request that triggers an out-of-bounds read
operation (CVE-2011-0905).

The updated packages have been upgraded to 2.28.3 which is not
vulnerable to these isssues.

Solution :

Update the affected vino package.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.0
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 54288 ()

Bugtraq ID: 47681

CVE ID: CVE-2011-0904
CVE-2011-0905

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now