thr3ads.net - Secure testing team - [Secure-testing-team] Bug#513531: CVE-2008-4770: Arbitrary code execution via crafted RFB protocol data [Jan 2009]

If this information is useful, please help other people find it:
Share via:

Steffen Joeris

2009-Jan-29 22:30 UTC

[Secure-testing-team] Bug#513531: CVE-2008-4770: Arbitrary code execution via crafted RFB protocol data

Package: xvnc4viewer
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vnc4.

CVE-2008-4770[0]:
| The CMsgReader::readRect function in the VNC Viewer component in
| RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0
| through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote
| VNC servers to execute arbitrary code via crafted RFB protocol data,
| related to "encoding type."

The upstream patch[1] can be found in the redhat bugreport[2].

For lenny, this could be fixed via migration from unstable. Please CC
secure-testing-team at lists.alioth.debian.org when you email the release
team and ask for the unblock, so we are kept in the loop.

I guess the issue is also severe enough to warrant a DSA update. I
haven''t tried to exploit it yet though.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770
    http://security-tracker.debian.net/tracker/CVE-2008-4770
[1] https://bugzilla.redhat.com/attachment.cgi?id=329323
[2] https://bugzilla.redhat.com/show_bug.cgi?id=480590

Secure testing team - Jan 2009 - Bug#513531: CVE-2008-4770: Arbitrary code execution via crafted RFB protocol data

[Secure-testing-team] Bug#513531: CVE-2008-4770: Arbitrary code execution via crafted RFB protocol data