CVE-2008-4770: Arbitrary code execution via crafted RFB protocol data

Related Vulnerabilities: CVE-2008-4770  

Debian Bug report logs - #513531


Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Thu, 29 Jan 2009 22:33:01 UTC

Severity: grave

Tags: patch, security

Fixed in versions vnc4/4.1.1+X4.3.0-31, vnc4/4.1.1+X4.3.0-21+etch4

Done: Steffen Joeris <white@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Ola Lundqvist <opal@debian.org>:
Bug#513531; Package xvnc4viewer. (Thu, 29 Jan 2009 22:33:03 GMT)


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Ola Lundqvist <opal@debian.org>. (Thu, 29 Jan 2009 22:33:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-4770: Arbitrary code execution via crafted RFB protocol data
Date: Thu, 29 Jan 2009 17:30:24 -0500

Package: xvnc4viewer
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vnc4.

CVE-2008-4770[0]:
| The CMsgReader::readRect function in the VNC Viewer component in
| RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0
| through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote
| VNC servers to execute arbitrary code via crafted RFB protocol data,
| related to "encoding type."

The upstream patch[1] can be found in the redhat bugreport[2].

For lenny, this could be fixed via migration from unstable. Please CC
secure-testing-team@lists.alioth.debian.org when you email the release
team and ask for the unblock, so we are kept in the loop.

I guess the issue is also severe enough to warrant a DSA update. I
haven't tried to exploit it yet though.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770
    http://security-tracker.debian.net/tracker/CVE-2008-4770
[1] https://bugzilla.redhat.com/attachment.cgi?id=329323
[2] https://bugzilla.redhat.com/show_bug.cgi?id=480590
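
Added example (not part of the bug report, and not the upstream patch, which this page only links to): a C sketch of validating the "encoding type" field of an RFB rectangle header before it selects a decoder. It assumes a viewer that dispatches through a fixed decoder table; the table size, function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration; all names are hypothetical, not RealVNC's code. */
#define ENCODING_MAX 255   /* assumed decoder-table bound */
#define RECT_HDR_LEN 12    /* x, y, w, h (U16 each) + encoding type (S32) */

typedef int (*decoder_fn)(const uint8_t *data, size_t len);
static int decode_raw(const uint8_t *d, size_t n) { (void)d; (void)n; return 0; }

/* Only encoding 0 (Raw) is registered in this sketch; other slots are NULL. */
static decoder_fn decoders[ENCODING_MAX + 1] = { [0] = decode_raw };

struct rect_hdr { uint16_t x, y, w, h; int32_t encoding; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int32_t be32s(const uint8_t *p) {
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
               | ((uint32_t)p[2] << 8) | p[3];
    return (int32_t)v;     /* the wire field is a signed 32-bit integer */
}

/* Parse one rectangle header; returns 0 on success, -1 if the buffer is short. */
int parse_rect_hdr(const uint8_t *buf, size_t len, struct rect_hdr *out) {
    if (len < RECT_HDR_LEN) return -1;
    out->x = be16(buf);     out->y = be16(buf + 2);
    out->w = be16(buf + 4); out->h = be16(buf + 6);
    out->encoding = be32s(buf + 8);
    return 0;
}

/* Weak check: upper bound only, on a signed value, so negatives pass. */
int weak_check_accepts(int32_t enc) { return !(enc > ENCODING_MAX); }

/* Hardened lookup: both bounds checked; empty slots come back as NULL. */
decoder_fn select_decoder(int32_t enc) {
    if (enc < 0 || enc > ENCODING_MAX) return NULL;
    return decoders[enc];
}

/* Constructed sample headers: 16x16 rect at (0,0), encoding -1 and 0 (Raw). */
const uint8_t sample_bad[RECT_HDR_LEN] = {0,0, 0,0, 0,16, 0,16, 0xFF,0xFF,0xFF,0xFF};
const uint8_t sample_raw[RECT_HDR_LEN] = {0,0, 0,0, 0,16, 0,16, 0,0,0,0};

int main(void) {
    struct rect_hdr h;
    if (parse_rect_hdr(sample_bad, sizeof sample_bad, &h) != 0) return 1;
    return (weak_check_accepts(h.encoding) && !select_decoder(h.encoding)) ? 0 : 1;
}
```

A caller must treat a NULL return as a protocol error and drop the connection; pseudo-encodings with negative numbers need their own explicit handling rather than a table index.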




Information forwarded to debian-bugs-dist@lists.debian.org, Ola Lundqvist <opal@debian.org>:
Bug#513531; Package xvnc4viewer. (Fri, 30 Jan 2009 07:18:02 GMT)


Acknowledgement sent to opal@debian.org:
Extra info received and forwarded to list. Copy sent to Ola Lundqvist <opal@debian.org>. (Fri, 30 Jan 2009 07:18:02 GMT)


Message #10 received at 513531@bugs.debian.org:

From: Ola Lundqvist <opal@debian.org>
To: Steffen Joeris <steffen.joeris@skolelinux.de>, 513531@bugs.debian.org
Subject: Re: Bug#513531: CVE-2008-4770: Arbitrary code execution via crafted RFB protocol data
Date: Fri, 30 Jan 2009 08:17:19 +0100

Hi Steffen

I'll upload a new package when built.
Can the package be built using etch as that is what I have on my main
Debian development machine? I know that I got restrictions on some other
package lately.

Best regards,

// Ola

On Thu, Jan 29, 2009 at 05:30:24PM -0500, Steffen Joeris wrote:
> Package: xvnc4viewer
> Severity: grave
> Tags: security, patch
> Justification: user security hole
> 
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for vnc4.
> 
> CVE-2008-4770[0]:
> | The CMsgReader::readRect function in the VNC Viewer component in
> | RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0
> | through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote
> | VNC servers to execute arbitrary code via crafted RFB protocol data,
> | related to "encoding type."
> 
> The upstream patch[1] can be found in the redhat bugreport[2].
> 
> For lenny, this could be fixed via migration from unstable. Please CC
> secure-testing-team@lists.alioth.debian.org when you email the release
> team and ask for the unblock, so we are kept in the loop.
> 
> I guess the issue is also severe enough to warrant a DSA update. I
> haven't tried to exploit it yet though.
> 
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
> 
> Cheers
> Steffen
> 
> For further information see:
> 
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770
>     http://security-tracker.debian.net/tracker/CVE-2008-4770
> [1] https://bugzilla.redhat.com/attachment.cgi?id=329323
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=480590
> 
> 
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Annebergsslingan 37      \
|  ola@inguza.com                      654 65 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------




Reply sent to Ola Lundqvist <opal@debian.org>:
You have taken responsibility. (Fri, 30 Jan 2009 23:27:04 GMT)


Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Fri, 30 Jan 2009 23:27:05 GMT)


Message #15 received at 513531-close@bugs.debian.org:

From: Ola Lundqvist <opal@debian.org>
To: 513531-close@bugs.debian.org
Subject: Bug#513531: fixed in vnc4 4.1.1+X4.3.0-31
Date: Fri, 30 Jan 2009 23:02:26 +0000

Source: vnc4
Source-Version: 4.1.1+X4.3.0-31

We believe that the bug you reported is fixed in the latest version of
vnc4, which is due to be installed in the Debian FTP archive:

vnc4_4.1.1+X4.3.0-31.diff.gz
  to pool/main/v/vnc4/vnc4_4.1.1+X4.3.0-31.diff.gz
vnc4_4.1.1+X4.3.0-31.dsc
  to pool/main/v/vnc4/vnc4_4.1.1+X4.3.0-31.dsc
vnc4server_4.1.1+X4.3.0-31_i386.deb
  to pool/main/v/vnc4/vnc4server_4.1.1+X4.3.0-31_i386.deb
xvnc4viewer_4.1.1+X4.3.0-31_i386.deb
  to pool/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-31_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 513531@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ola Lundqvist <opal@debian.org> (supplier of updated vnc4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 30 Jan 2009 19:27:21 +0100
Source: vnc4
Binary: vnc4server xvnc4viewer
Architecture: source i386
Version: 4.1.1+X4.3.0-31
Distribution: unstable
Urgency: high
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Ola Lundqvist <opal@debian.org>
Description: 
 vnc4server - Virtual network computing server software
 xvnc4viewer - Virtual network computing client software for X
Closes: 513531
Changes: 
 vnc4 (4.1.1+X4.3.0-31) unstable; urgency=high
 .
   * Correction for CVE-2008-4770. Arbitrary code execution via crafted
     RFB protocol data. Closes: #513531.
Files: 
 59be0980149d0ef90d88c3845db25ebf 663 x11 optional vnc4_4.1.1+X4.3.0-31.dsc
 5ec0ca816b60a9cb91121602762ad666 51494 x11 optional vnc4_4.1.1+X4.3.0-31.diff.gz
 d7f6fa25209d15105de9e70fc632a6a6 1894578 x11 optional vnc4server_4.1.1+X4.3.0-31_i386.deb
 14f9b1751971870fe77d539d9701b847 139576 net optional xvnc4viewer_4.1.1+X4.3.0-31_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJg4MSGKGxzw/lPdkRAj/GAJ9WvqcfEvLnXMRBr2VWFcPoqYmZYACdFRqp
AEt1VRNDhbUnCNGn5am3lSM=
=R1D9
-----END PGP SIGNATURE-----





Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility. (Sun, 15 Mar 2009 21:15:04 GMT)


Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Sun, 15 Mar 2009 21:15:04 GMT)


Message #20 received at 513531-close@bugs.debian.org:

From: Steffen Joeris <white@debian.org>
To: 513531-close@bugs.debian.org
Subject: Bug#513531: fixed in vnc4 4.1.1+X4.3.0-21+etch4
Date: Sun, 15 Mar 2009 19:54:32 +0000

Source: vnc4
Source-Version: 4.1.1+X4.3.0-21+etch4

We believe that the bug you reported is fixed in the latest version of
vnc4, which is due to be installed in the Debian FTP archive:

vnc4-common_4.1.1+X4.3.0-21+etch4_i386.deb
  to pool/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch4_i386.deb
vnc4_4.1.1+X4.3.0-21+etch4.diff.gz
  to pool/main/v/vnc4/vnc4_4.1.1+X4.3.0-21+etch4.diff.gz
vnc4_4.1.1+X4.3.0-21+etch4.dsc
  to pool/main/v/vnc4/vnc4_4.1.1+X4.3.0-21+etch4.dsc
vnc4server_4.1.1+X4.3.0-21+etch4_i386.deb
  to pool/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch4_i386.deb
xvnc4viewer_4.1.1+X4.3.0-21+etch4_i386.deb
  to pool/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 513531@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated vnc4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 30 Jan 2009 19:09:27 +0000
Source: vnc4
Binary: vnc4-common vnc4server xvnc4viewer
Architecture: source i386
Version: 4.1.1+X4.3.0-21+etch4
Distribution: stable-security
Urgency: high
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description: 
 vnc4-common - Virtual network computing server software
 vnc4server - Virtual network computing server software
 xvnc4viewer - Virtual network computing client software for X
Closes: 513531
Changes: 
 vnc4 (4.1.1+X4.3.0-21+etch4) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix arbitrary code execution via crafted RFB protocol data
     (Closes: #513531)
     Fixes: CVE-2008-4770
Files: 
 0d0f0e7f58c6440481b8bfa83af8cd63 696 x11 optional vnc4_4.1.1+X4.3.0-21+etch4.dsc
 b28c43385fe574d612ddbd0b645082f7 31536534 x11 optional vnc4_4.1.1+X4.3.0.orig.tar.gz
 55c92400d7949023c3488dcec680d613 50904 x11 optional vnc4_4.1.1+X4.3.0-21+etch4.diff.gz
 a1e67da97e85e0ca290e3644b551c686 2015342 x11 optional vnc4server_4.1.1+X4.3.0-21+etch4_i386.deb
 9cedf57dd52455c76332f585f6c52dc8 147628 net optional xvnc4viewer_4.1.1+X4.3.0-21+etch4_i386.deb
 27cf156a68540519f9efd4b81fd51dff 18640 x11 optional vnc4-common_4.1.1+X4.3.0-21+etch4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmDgXMACgkQ62zWxYk/rQc9RwCfWmEkYOwlTTqsjqFXkaVp3gge
HvUAoLsx2j6gSktmnafxfolx73leqoDX
=+/6F
-----END PGP SIGNATURE-----





Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility. (Thu, 09 Apr 2009 17:24:05 GMT)


Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Thu, 09 Apr 2009 17:24:05 GMT)


Message #25 received at 513531-close@bugs.debian.org:

From: Steffen Joeris <white@debian.org>
To: 513531-close@bugs.debian.org
Subject: Bug#513531: fixed in vnc4 4.1.1+X4.3.0-21+etch4
Date: Thu, 09 Apr 2009 17:12:46 +0000

Source: vnc4
Source-Version: 4.1.1+X4.3.0-21+etch4

We believe that the bug you reported is fixed in the latest version of
vnc4, which is due to be installed in the Debian FTP archive:

vnc4-common_4.1.1+X4.3.0-21+etch4_i386.deb
  to pool/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch4_i386.deb
vnc4_4.1.1+X4.3.0-21+etch4.diff.gz
  to pool/main/v/vnc4/vnc4_4.1.1+X4.3.0-21+etch4.diff.gz
vnc4_4.1.1+X4.3.0-21+etch4.dsc
  to pool/main/v/vnc4/vnc4_4.1.1+X4.3.0-21+etch4.dsc
vnc4server_4.1.1+X4.3.0-21+etch4_i386.deb
  to pool/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch4_i386.deb
xvnc4viewer_4.1.1+X4.3.0-21+etch4_i386.deb
  to pool/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 513531@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated vnc4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 30 Jan 2009 19:09:27 +0000
Source: vnc4
Binary: vnc4-common vnc4server xvnc4viewer
Architecture: source i386
Version: 4.1.1+X4.3.0-21+etch4
Distribution: stable-security
Urgency: high
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description: 
 vnc4-common - Virtual network computing server software
 vnc4server - Virtual network computing server software
 xvnc4viewer - Virtual network computing client software for X
Closes: 513531
Changes: 
 vnc4 (4.1.1+X4.3.0-21+etch4) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix arbitrary code execution via crafted RFB protocol data
     (Closes: #513531)
     Fixes: CVE-2008-4770
Files: 
 0d0f0e7f58c6440481b8bfa83af8cd63 696 x11 optional vnc4_4.1.1+X4.3.0-21+etch4.dsc
 b28c43385fe574d612ddbd0b645082f7 31536534 x11 optional vnc4_4.1.1+X4.3.0.orig.tar.gz
 55c92400d7949023c3488dcec680d613 50904 x11 optional vnc4_4.1.1+X4.3.0-21+etch4.diff.gz
 a1e67da97e85e0ca290e3644b551c686 2015342 x11 optional vnc4server_4.1.1+X4.3.0-21+etch4_i386.deb
 9cedf57dd52455c76332f585f6c52dc8 147628 net optional xvnc4viewer_4.1.1+X4.3.0-21+etch4_i386.deb
 27cf156a68540519f9efd4b81fd51dff 18640 x11 optional vnc4-common_4.1.1+X4.3.0-21+etch4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmDgXMACgkQ62zWxYk/rQc9RwCfWmEkYOwlTTqsjqFXkaVp3gge
HvUAoLsx2j6gSktmnafxfolx73leqoDX
=+/6F
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 08 May 2009 07:28:10 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:03:07 2019; Machine Name: buxtehude
