CVE-2014-6055

Опубликовано: 23 сент. 2014

Источник: redhat

CVSS2: 6

EPSS Средний

Описание

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.

Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kdenetwork	Not affected
Red Hat Enterprise Linux 6	kdenetwork	Not affected
Red Hat Enterprise Linux 6	libvncserver	Fixed	RHSA-2014:1826	11.11.2014
Red Hat Enterprise Linux 6.5 Extended Update Support	libvncserver	Fixed	RHSA-2015:0113	02.02.2015
Red Hat Enterprise Linux 7	libvncserver	Fixed	RHSA-2014:1826	11.11.2014
Red Hat Enterprise Linux 7	kdenetwork	Fixed	RHSA-2014:1827	11.11.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1144293libvncserver: server stacked-based buffer overflow flaws in file transfer handling

EPSS

Процентиль: 93%

0.11157

Средний

6 Medium

CVSS2

Связанные уязвимости

CVE-2014-6055

ubuntu

почти 11 лет назад

CVE-2014-6055

nvd

почти 11 лет назад

CVE-2014-6055

debian

почти 11 лет назад

Multiple stack-based buffer overflows in the File Transfer feature in ...

GHSA-ggwh-wx55-84cx

github

около 3 лет назад

ELSA-2014-1827

oracle-oval

больше 10 лет назад

ELSA-2014-1827: kdenetwork security update (MODERATE)

EPSS

Процентиль: 93%

0.11157

Средний

6 Medium

CVSS2