Check Point Advisories

Update Protection against UltraVNC VNCViewer Authenticate Buffer Overflow

Check Point Reference: CPAI-2009-055
Date Published: 27 Feb 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA33794
Industry Reference: CVE-2009-0388
Protection Provided by:
Who is Vulnerable? UltraVNC UltraVNC 1.0.5.3 and prior
Vulnerability Description: A buffer overflow vulnerability was reported in multiple Virtual Network Computing (VNC) based applications. VNC is a graphical desktop sharing technology designed to remotely control another computer. The flaw is due to improper validation of a length value in network messages. A remote attacker can trigger this vulnerability by persuading the target user to connect to a malicious VNC server.
Update/Patch Available: The problem has been fixed in the SVN repository.
http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564
Vulnerability Details: The vulnerabilities are caused by signedness errors within several functions, including "ClientConnection::CheckBufferSize()" and "ClientConnection::CheckFileZipBufferSize()". A remote attacker could trigger the vulnerability using a crafted, unusually long network message.
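The class of signedness error described above, as an added illustration: this is not UltraVNC's code, and the function names, the MAX_MSG cap and the length bytes are assumptions constructed for the example. The first check treats the wire length as signed, so a value with the top bit set passes; the second keeps it unsigned and bounds it before the buffer is used.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MSG (64u * 1024u)  /* hypothetical cap on one message body */

struct rxbuf { uint8_t *data; size_t cap; };

/* Length field as sent on the wire: 32 bits, network byte order. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed pattern: the length is treated as signed, so any wire value
 * with the top bit set is negative and "fits" every buffer. A later read
 * of that many bytes (converted back to size_t) overruns the allocation. */
static int fits_signed(const struct rxbuf *b, uint32_t wire_len)
{
    int32_t len;
    memcpy(&len, &wire_len, sizeof len);   /* reinterpret as signed */
    return len <= (int32_t)b->cap;         /* no lower bound check */
}

/* Hardened pattern: unsigned end to end, explicit cap, grow before use.
 * Returns 0 when the buffer can hold len bytes, -1 when rejected. */
static int ensure_size(struct rxbuf *b, uint32_t len)
{
    if (len > MAX_MSG) return -1;
    if (len <= b->cap) return 0;
    uint8_t *p = realloc(b->data, len);
    if (p == NULL) return -1;
    b->data = p;
    b->cap = len;
    return 0;
}

int main(void)
{
    const uint8_t hostile[4] = { 0xFF, 0xFF, 0xFF, 0xF0 };  /* constructed */
    struct rxbuf b = { malloc(4096), 4096 };
    uint32_t len = be32(hostile);
    printf("signed check accepts: %d\n", fits_signed(&b, len));
    printf("hardened check result: %d\n", ensure_size(&b, len));
    free(b.data);
    return 0;
}
```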

Protection Overview
