Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 255225 (CVE-2008-4770)

Summary: net-misc/vnc >4.0 <4.1.2 CMsgReader::readRect arbitrary code execution (CVE-2008-4770)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: armin76
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/bid/33263/info
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-17 00:21:55 UTC
CVE-2008-4770 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4770):
  The CMsgReader::readRect function in the VNC Viewer component in
  RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0
  through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows
  remote VNC servers to execute arbitrary code via crafted RFB protocol
  data, related to "encoding type."
Comment 1 Raúl Porcel (RETIRED) gentoo-dev 2009-01-17 14:13:49 UTC
I think i had a look when 4.1.3 got out and i only saw changes on windows files, but i could be wrong, i'll have a look again.
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2009-01-17 15:56:21 UTC
Okay, i saw the change, is not windows-only.

Arches, please stabilize:
=net-misc/vnc-4.1.3
Arches: alpha amd64 hppa ia64 ppc ppc64 sh sparc x86
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2009-01-18 11:18:06 UTC
ppc stable
Comment 4 Markus Meier gentoo-dev 2009-01-18 13:57:28 UTC
amd64/x86 stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2009-01-18 16:10:09 UTC
Stable on alpha.
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2009-01-19 10:23:41 UTC
ia64/sh/sparc stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2009-01-19 12:37:26 UTC
Stable for HPPA.
Comment 8 Brent Baude (RETIRED) gentoo-dev 2009-01-19 16:25:53 UTC
ppc64 done
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2009-01-28 00:29:35 UTC
GLSA request filed.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2009-03-09 13:58:35 UTC
GLSA 200903-17