Bug 255225 (CVE-2008-4770) - net-misc/vnc >4.0 <4.1.2 CMsgReader::readRect arbitrary code execution (CVE-2008-4770)
Summary: net-misc/vnc >4.0 <4.1.2 CMsgReader::readRect arbitrary code execution (CVE-2...
Status: RESOLVED FIXED
Alias: CVE-2008-4770
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/3326...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-17 00:21 UTC by Stefan Behte (RETIRED)
Modified: 2009-03-09 13:58 UTC

See Also:
Package list:
Runtime testing required: ---


Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-17 00:21:55 UTC
CVE-2008-4770 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4770):
  The CMsgReader::readRect function in the VNC Viewer component in
  RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0
  through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows
  remote VNC servers to execute arbitrary code via crafted RFB protocol
  data, related to "encoding type."
Comment 1 Raúl Porcel (RETIRED) gentoo-dev 2009-01-17 14:13:49 UTC
I think I had a look when 4.1.3 got out and I only saw changes on Windows files, but I could be wrong; I'll have a look again.
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2009-01-17 15:56:21 UTC
Okay, I saw the change; it is not Windows-only.

Arches, please stabilize:
=net-misc/vnc-4.1.3
Arches: alpha amd64 hppa ia64 ppc ppc64 sh sparc x86
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2009-01-18 11:18:06 UTC
ppc stable
Comment 4 Markus Meier gentoo-dev 2009-01-18 13:57:28 UTC
amd64/x86 stable
Comment 5 Tobias Klausmann gentoo-dev 2009-01-18 16:10:09 UTC
Stable on alpha.
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2009-01-19 10:23:41 UTC
ia64/sh/sparc stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2009-01-19 12:37:26 UTC
Stable for HPPA.
Comment 8 Brent Baude (RETIRED) gentoo-dev 2009-01-19 16:25:53 UTC
ppc64 done
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2009-01-28 00:29:35 UTC
GLSA request filed.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2009-03-09 13:58:35 UTC
GLSA 200903-17