CVE-2013-5745

Published: 01/10/2013 Updated: 01/12/2013
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 715
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and previous versions, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote malicious users to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

Vulnerable Product

david king vino 3.6.2

david king vino

david king vino 3.4.2

david king vino 3.2.1

david king vino 3.2.0

david king vino 3.1.2

david king vino 3.1.1

david king vino 2.99.3

david king vino 2.99.2

david king vino 2.8.0

david king vino 3.6.0

david king vino 3.6.1

david king vino 3.3.1

david king vino 3.2.2

david king vino 3.1.4

david king vino 3.1.3

david king vino 3.0.0

david king vino 2.99.5

david king vino 2.99.4

david king vino 2.8.1

david king vino 2.8.0.1

david king vino 2.7.4.90

david king vino 2.7.4

david king vino 2.31.4

david king vino 2.28.3

david king vino 2.27.5

david king vino 2.27

david king vino 2.25.5

david king vino 2.25.4

david king vino 2.23.5

david king vino 2.23

david king vino 2.21.3

david king vino 2.21.2

david king vino 2.19.5

david king vino 2.19

david king vino 2.16

david king vino 2.15

david king vino 2.11.1.2

david king vino 2.11.1.1

david king vino 3.5.2

david king vino 3.4.1

david king vino 3.4.0

david king vino 3.1.92

david king vino 3.1.91

david king vino 3.1

david king vino 3.0.3

david king vino 2.99.1

david king vino 2.99.0

david king vino 2.7.92

david king vino 2.7.91

david king vino 2.7

david king vino 2.32.2

david king vino 2.28

david king vino 2.27.92

david king vino 2.26

david king vino 2.25.92

david king vino 2.24.1

david king vino 2.24

david king vino 2.23.92

david king vino 2.22

david king vino 2.21.92

david king vino 2.20.1

david king vino 2.20

david king vino 2.17.92

david king vino 2.17.5

david king vino 2.17.4

david king vino 2.13

david king vino 2.12

david king vino 2.10

david king vino 0.14

david king vino 2.8

david king vino 2.7.3.1

david king vino 2.7.3

david king vino 2.28.2

david king vino 2.28.1

david king vino 2.26.2

david king vino 2.26.1

david king vino 2.25.3

david king vino 2.25

david king vino 2.22.2

david king vino 2.22.1

david king vino 2.21.1

david king vino 2.21

david king vino 2.18.1

david king vino 2.18

david king vino 2.14

david king vino 2.13.5

david king vino 2.11.1

david king vino 2.11

david king vino 3.5.90

david king vino 3.5.92

david king vino 3.3.92

david king vino 3.3.3

david king vino 3.1.90

david king vino 3.1.5

david king vino 3.0.2

david king vino 3.0.1

david king vino 2.9.2

david king vino 2.9

david king vino 2.7.90

david king vino 2.7.4.91

david king vino 2.32.1

david king vino 2.32.0

david king vino 2.31.91

david king vino 2.27.91

david king vino 2.27.90

david king vino 2.25.91

david king vino 2.25.90

david king vino 2.23.91

david king vino 2.23.90

david king vino 2.21.91

david king vino 2.21.90

david king vino 2.19.92

david king vino 2.19.90

david king vino 2.17.2

david king vino 2.17

david king vino 2.11.92

david king vino 2.11.90

david king vino 0.12

canonical ubuntu linux 12.04

canonical ubuntu linux 13.04

canonical ubuntu linux 12.10

Vendor Advisories

Synopsis: Moderate: vino security update. Type/Severity: Security Advisory: Moderate. Topic: Updated vino packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability S ...
Debian Bug report logs - #724545 vino: CVE-2013-5745 denial of service via infinite loop. Package: vino; Maintainer for vino is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for vino is src:vino (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian.org> Date: Tue, 24 Sep 2013 23 ...
Vino could be made to hang if it received specially crafted network traffic ...

Exploits

Trustwave SpiderLabs Security Advisory TWSL2013-028: Persistent Denial of Service Vulnerability in Vino VNC Server. Published: 09/16/13 Version: 1.0 Vendor: The GNOME Project (wiki.gnome.org/Vino) Product: Vino VNC Server Version affected: Vino VNC Server 3.7.3 and earlier versions (3.8 stable release is affected if encryption is disabled) ...
The Vino VNC server, which is also the default VNC server in Ubuntu (3.4.2-0ubuntu1.2), is vulnerable to a persistent denial of service vulnerability. The vulnerability is triggered when a VNC client, who claims to only support protocol version 3.3, sends malformed data during the authentication selection stage of the authentication process ...