Bug 250314 - net-misc/vinagre < 0.5.2 or < 2.24.2 vinagre_utils_show_error() execution of arbitrary code (CVE-2008-5660)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/Advisories/33041/
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-08 19:39 UTC by stupendoussteve
Modified: 2009-03-06 22:05 UTC

See Also:
Package list:
Runtime testing required: ---


Description stupendoussteve 2008-12-08 19:39:53 UTC
Description:
A vulnerability has been discovered in Vinagre, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a format string error within the "vinagre_utils_show_error()" function in src/vinagre-utils.c. This can be exploited by e.g. tricking a user into opening a specially crafted .vnc file.

Successful exploitation may allow the execution of arbitrary code.

The vulnerability is confirmed in version 2.24.0. Other versions may also be affected.

Ref: http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.changes
http://ftp.gnome.org/pub/GNOME/sources/vinagre/2.24/vinagre-2.24.2.changes

Reproducible: Always
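
The format string error class described in the report above, shown as an added example that is not part of the original bug report and is not Vinagre's code. The names `dialog_format`, `show_error_safe` and `count_format_directives` are hypothetical, and the host value is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style dialog API: the third parameter is
 * a FORMAT. The attribute lets GCC/Clang -Wformat-security flag non-literals. */
__attribute__((format(printf, 3, 4)))
static int dialog_format(char *out, size_t n, const char *fmt, ...)
{
    int r;
    va_list ap;
    va_start(ap, fmt);
    r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern (comment only, never executed):
 *     dialog_format(out, n, message);
 * Hardened pattern: constant format, untrusted text passed as an argument,
 * so any '%' sequences in it are copied literally instead of interpreted. */
int show_error_safe(char *out, size_t n, const char *message)
{
    return dialog_format(out, n, "%s", message ? message : "(null)");
}

/* Count printf directives in an untrusted string, e.g. a field read from a
 * .vnc file. "%%" is a literal percent and is skipped; a lone trailing '%'
 * is counted, which errs on the side of flagging. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: a host value carrying format directives. */
    const char *host = "example.invalid%x%n";
    char out[128];
    show_error_safe(out, sizeof out, host);
    printf("directives=%d rendered=%s\n", count_format_directives(host), out);
    return strcmp(out, host) != 0;
}
```
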
Comment 1 Mart Raudsepp gentoo-dev 2008-12-10 03:14:11 UTC
vinagre 0.5.2 and 2.24.2 are in portage tree now - they contain the obvious fix.

Arches, please stabilize net-misc/vinagre-0.5.2
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-10 17:27:37 UTC
amd64 stable
Comment 3 Markus Meier gentoo-dev 2008-12-10 22:18:09 UTC
x86 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2008-12-11 17:57:03 UTC
Stable for HPPA. Looks like 2.24.1 can be removed immediately.
Comment 5 Brent Baude (RETIRED) gentoo-dev 2008-12-11 21:24:18 UTC
ppc64 done
Comment 6 Friedrich Oslage (RETIRED) gentoo-dev 2008-12-13 11:03:41 UTC
sparc stable
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2008-12-13 13:48:44 UTC
ppc stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2008-12-13 17:30:58 UTC
alpha/ia64 stable
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-13 20:31:13 UTC
GLSA request filed.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2008-12-18 16:33:27 UTC
CVE-2008-5660 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5660):
  Format string vulnerability in the vinagre_utils_show_error function
  (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before
  2.24.2 might allow remote attackers to execute arbitrary code via a
  crafted URI or VNC server response.

Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-03-06 22:05:06 UTC
GLSA 200903-01