ID CVE-2014-6054
Summary The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
References
Vulnerable Configurations
  • cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:*
    cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
CVSS
Base: 4.3 (as of 22-12-2016 - 02:59)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • libvncserver-0:0.9.9-9.el7_0.1
  • libvncserver-devel-0:0.9.9-9.el7_0.1
  • libvncserver-0:0.9.7-7.el6_6.1
  • libvncserver-devel-0:0.9.7-7.el6_6.1
  • kdenetwork-7:4.10.5-8.el7_0
  • kdenetwork-common-7:4.10.5-8.el7_0
  • kdenetwork-devel-7:4.10.5-8.el7_0
  • kdenetwork-fileshare-samba-7:4.10.5-8.el7_0
  • kdenetwork-kdnssd-7:4.10.5-8.el7_0
  • kdenetwork-kget-7:4.10.5-8.el7_0
  • kdenetwork-kget-libs-7:4.10.5-8.el7_0
  • kdenetwork-kopete-7:4.10.5-8.el7_0
  • kdenetwork-kopete-devel-7:4.10.5-8.el7_0
  • kdenetwork-kopete-libs-7:4.10.5-8.el7_0
  • kdenetwork-krdc-7:4.10.5-8.el7_0
  • kdenetwork-krdc-devel-7:4.10.5-8.el7_0
  • kdenetwork-krdc-libs-7:4.10.5-8.el7_0
  • kdenetwork-krfb-7:4.10.5-8.el7_0
  • kdenetwork-krfb-libs-7:4.10.5-8.el7_0
refmap via4
bid 70094
confirm https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
debian DSA-3081
gentoo GLSA-201507-07
misc http://www.ocert.org/advisories/ocert-2014-007.html
mlist
  • [oss-security] 20140923 Multiple issues in libVNCserver
  • [oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues
secunia
  • 61506
  • 61682
suse openSUSE-SU-2015:2207
ubuntu USN-2365-1
Last major update 22-12-2016 - 02:59
Published 06-10-2014 - 14:55
Back to Top