Submit a story to LinuxSecurity!

Thanks very much for your interest in sharing your story with us. Our site is driven by users like you.

Post anonymously

Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

 

    Back

    Gentoo: GLSA-201411-03: TigerVNC: User-assisted execution of arbitrary code

    Date05 Nov 2014
    CategoryGentoo
    40
    Posted ByLinuxSecurity Advisories
    A buffer overflow in TigerVNC could result in execution of arbitrary code or Denial of Service. 
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201411-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: TigerVNC: User-assisted execution of arbitrary code
     Date: November 05, 2014
     Bugs: #505170
       ID: 201411-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in TigerVNC could result in execution of arbitrary
code or Denial of Service.

Background
==========

TigerVNC is a high-performance VNC server/client.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/tigervnc            < 1.3.1 >= 1.3.1

Description
===========

Two boundary errors in TigerVNC could lead to a heap-based buffer
overflow.

Impact
======

A remote attacker could entice a user to connect to a malicious VNC
server using TigerVNC, possibly resulting in execution of arbitrary
code with the privileges of the process or a Denial of Service
condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TigerVNC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/tigervnc-1.3.1"

References
==========

[ 1 ] CVE-2014-0011
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0011

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201411-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

    Related News

    Computing enthusiast cracks ancient Unix code
    Computing enthusiast cracks ancient Unix code
    Soldering spy chips inside firewalls is now a cheap hack, shows researcher
    Soldering spy chips inside firewalls is now a cheap hack, shows researcher
    #SecTorCa: Millions of Phones Leaking Information Via Tor
    #SecTorCa: Millions of Phones Leaking Information Via Tor
    Hackers bypassing some types of 2FA security FBI warns
    Hackers bypassing some types of 2FA security FBI warns
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"22","type":"x","order":"1","pct":55,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.5,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":32.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    Slackware: 2019-287-01: sudo Security Update
    Date14 Oct 2019 @ 14:07
    Debian LTS: DLA-1959-1: xtrlock security update
    Date14 Oct 2019 @ 12:49
    Debian: DSA-4543-1: sudo security update
    Date14 Oct 2019 @ 11:05
    RedHat: RHSA-2019-3050:01 Important: Red Hat Single Sign-On 7.3.4 security
    Date14 Oct 2019 @ 11:00

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Learn More