Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Debian LTS: DLA-1979-1 Critical: iTALC Remote Code Execution Issues

debian lts
Calendar Grey October 30, 2019
Dist Debian Esm H88
Package : italc Version : 1:2.0.2+dfsg1-2+deb8u1 CVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053
Several vulnerabilities have been identified in the VNC code of iTALC, a classroom management software

Summary

CVE-2014-6051

Integer overflow in the MallocFrameBuffer function in vncviewer.c in
LibVNCServer allowed remote VNC servers to cause a denial of service
(crash) and possibly executed arbitrary code via an advertisement for
a large screen size, which triggered a heap-based buffer overflow.

CVE-2014-6052

The HandleRFBServerMessage function in libvncclient/rfbproto.c in
LibVNCServer did not check certain malloc return values, which
allowed remote VNC servers to cause a denial of service (application
crash) or possibly execute arbitrary code by specifying a large
screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3)
PalmVNCReSizeFrameBuffer message.

CVE-2014-6053

The rfbProcessClientNormalMessage function in
libvncserver/rfbserver.c in LibVNCServer did not properly handle
attempts to send a large amount of ClientCutText data, which allowed
remote attackers to cause a denial of service (memory consumption or

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: italc
Version: 1:2.0.2+dfsg1-2+deb8u1
CVE ID: CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.