CVE-2014-6055

Published: 30/09/2014 Updated: 23/10/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and previous versions allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in an rfbFileTransferOffer message.

Vulnerable Product

fedoraproject fedora 21

fedoraproject fedora 20

debian debian linux 7.0

redhat enterprise linux server aus 6.5

redhat enterprise linux server eus 6.5.z

libvncserver libvncserver

Vendor Advisories

Synopsis: Moderate: libvncserver security update. Type/Severity: Security Advisory: Moderate. Topic: Updated libvncserver packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impac ...
Debian Bug report logs - #762745 [CVE-2014-6051 to CVE-2014-6055] Multiple issues in libVNCserver. Package: libvncserver; Maintainer for libvncserver is Peter Spiess-Knafl <dev@spiessknafl.at>; Reported by: Luciano Bello <luciano@debian.org>; Date: Wed, 24 Sep 2014 21:24:02 UTC; Severity: grave; Tags: patch, security; Fi ...
Several security issues were fixed in LibVNCServer ...
Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side. For the stable distribution (wheezy), these problems have been fixed in version 0.9.9+dfsg-1+deb7u1. For the ...
Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client ...