CVE-2014-8241 - XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference

CVE-2014-8241

Summary

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

References

Vulnerable Configurations

cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-12-2016 - 02:59)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1199453
title	Re-base to tigervnc-1.3.x

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment tigervnc is earlier than 0:1.3.1-3.el7
oval oval:com.redhat.rhsa:tst:20152233001
comment tigervnc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110871002

AND

comment tigervnc-icons is earlier than 0:1.3.1-3.el7
oval oval:com.redhat.rhsa:tst:20152233003
comment tigervnc-icons is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152233004

AND

comment tigervnc-license is earlier than 0:1.3.1-3.el7
oval oval:com.redhat.rhsa:tst:20152233005
comment tigervnc-license is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152233006

AND

comment tigervnc-server is earlier than 0:1.3.1-3.el7
oval oval:com.redhat.rhsa:tst:20152233007
comment tigervnc-server is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110871004

AND

comment tigervnc-server-applet is earlier than 0:1.3.1-3.el7
oval oval:com.redhat.rhsa:tst:20152233009
comment tigervnc-server-applet is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110871006

AND

comment tigervnc-server-minimal is earlier than 0:1.3.1-3.el7
oval oval:com.redhat.rhsa:tst:20152233011
comment tigervnc-server-minimal is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152233012

AND

comment tigervnc-server-module is earlier than 0:1.3.1-3.el7
oval oval:com.redhat.rhsa:tst:20152233013
comment tigervnc-server-module is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110871008

rhsa

id	RHSA-2015:2233
released	2015-11-19
severity	Moderate
title	RHSA-2015:2233: tigervnc security, bug fix, and enhancement update (Moderate)

rpms

tigervnc-0:1.3.1-3.el7
tigervnc-debuginfo-0:1.3.1-3.el7
tigervnc-icons-0:1.3.1-3.el7
tigervnc-license-0:1.3.1-3.el7
tigervnc-server-0:1.3.1-3.el7
tigervnc-server-applet-0:1.3.1-3.el7
tigervnc-server-minimal-0:1.3.1-3.el7
tigervnc-server-module-0:1.3.1-3.el7

refmap via4

bid	70390
confirm	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1151312
mlist	[oss-security] 20141010 Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver [oss-security] 20141011 Re: Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver

Last major update

20-12-2016 - 02:59

Published

14-12-2016 - 22:59

Last modified

20-12-2016 - 02:59