Mandriva Update For Vinagre MDVSA-2008:240 (vinagre) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Alfredo Ortega found a flaw in how Vinagre uses format strings. A remote attacker could exploit this vulnerability if they were able to trick a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. With older versions of Vinagre, it was possible to execute arbitrary code with user privileges. In later versions, Vinagre would abort, leading to a denial of service. The updated packages have been patched to prevent this issue.

Affected

vinagre on Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64, Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64

Severity

Classification

CVE CVE-2008-5660
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:025 (pidgin)
Mandrake Security Advisory MDVSA-2009:053 (squirrelmail)
Mandrake Security Advisory MDVSA-2009:069 (curl)
Mandrake Security Advisory MDVSA-2009:207 (perl-Compress-Raw-Bzip2)
Mandrake Security Advisory MDVSA-2009:125 (wireshark)

Mandriva Update for vinagre MDVSA-2008:240 (vinagre)

Take action and discover your vulnerabilities