Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.841989
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu Update for libvncserver USN-2365-1
Zusammenfassung:The remote host is missing an update for the 'libvncserver'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'libvncserver'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)

Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)

Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a denial of service. (CVE-2014-6054)

Nicolas Ruff discovered that LibVNCServer incorrectly handled memory in the
file transfer feature. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2014-6055)

Affected Software/OS:
libvncserver on Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-6051
BugTraq ID: 70093
http://www.securityfocus.com/bid/70093
Debian Security Information: DSA-3081 (Google Search)
http://www.debian.org/security/2014/dsa-3081
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html
https://security.gentoo.org/glsa/201507-07
https://security.gentoo.org/glsa/201612-36
http://www.ocert.org/advisories/ocert-2014-007.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
http://seclists.org/oss-sec/2014/q3/639
http://www.openwall.com/lists/oss-security/2014/09/25/11
RedHat Security Advisories: RHSA-2015:0113
http://rhn.redhat.com/errata/RHSA-2015-0113.html
http://secunia.com/advisories/61506
SuSE Security Announcement: openSUSE-SU-2015:2207 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-6052
BugTraq ID: 70091
http://www.securityfocus.com/bid/70091
http://secunia.com/advisories/61682
http://ubuntu.com/usn/usn-2365-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-6053
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-6054
BugTraq ID: 70094
http://www.securityfocus.com/bid/70094
http://www.ubuntu.com/usn/USN-2365-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-6055
BugTraq ID: 70096
http://www.securityfocus.com/bid/70096
XForce ISS Database: libvncserver-cve20146055-bo(96187)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96187
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.