Gentoo Bug 255225 - net-misc/vnc >4.0 <4.1.2 CMsgReader::readRect arbitrary code execution (CVE-2008-4770)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	255225
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Stefan Behte <craig@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 255225 depends on:			Show dependency tree
Bug 255225 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2009-01-17 00:21 0000

CVE-2008-4770 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4770):
  The CMsgReader::readRect function in the VNC Viewer component in
  RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0
  through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows
  remote VNC servers to execute arbitrary code via crafted RFB protocol
  data, related to "encoding type."

------- Comment #1 From Raúl Porcel 2009-01-17 14:13:49 0000 -------

I think i had a look when 4.1.3 got out and i only saw changes on windows
files, but i could be wrong, i'll have a look again.

------- Comment #2 From Raúl Porcel 2009-01-17 15:56:21 0000 -------

Okay, i saw the change, is not windows-only.

Arches, please stabilize:
=net-misc/vnc-4.1.3
Arches: alpha amd64 hppa ia64 ppc ppc64 sh sparc x86

------- Comment #3 From Tobias Scherbaum 2009-01-18 11:18:06 0000 -------

ppc stable

------- Comment #4 From Markus Meier 2009-01-18 13:57:28 0000 -------

amd64/x86 stable

------- Comment #5 From Tobias Klausmann 2009-01-18 16:10:09 0000 -------

Stable on alpha.

------- Comment #6 From Raúl Porcel 2009-01-19 10:23:41 0000 -------

ia64/sh/sparc stable

------- Comment #7 From Jeroen Roovers 2009-01-19 12:37:26 0000 -------

Stable for HPPA.

------- Comment #8 From Brent Baude 2009-01-19 16:25:53 0000 -------

ppc64 done

------- Comment #9 From Tobias Heinlein 2009-01-28 00:29:35 0000 -------

GLSA request filed.

------- Comment #10 From Robert Buchholz 2009-03-09 13:58:35 0000 -------

GLSA 200903-17

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 255225

net-misc/vnc >4.0 <4.1.2 CMsgReader::readRect arbitrary code execution (CVE-2008-4770)

Last modified: 2009-03-09 13:58:35 0000