TightVNC ClientConnection Multiple Integer Overflow Vulnerabilities (Linux) Network Vulnerability

Summary

This host is running TightVNC and is prone to Multiple Integer Overflow Vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary codes in the context of the application and may cause remote code execution to compromise the affected remote system. Impact level: Application/System

Solution

Upgrade to the latest version 1.3.10 http://www.tightvnc.com/download.html

Insight

Multiple Integer Overflow due to signedness errors within the functions ClientConnection::CheckBufferSize and ClientConnection::CheckFileZipBufferSize in ClientConnection.cpp file fails to validate user input.

Affected

TightVNC version 1.3.9 and prior on Linux.

References

http://www.coresecurity.com/content/vnc-integer-overflows

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-0388
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ALLMediaServer Request Handling Buffer Overflow Vulnerability
ACDSee FotoSlate PLP Multiple Buffer Overflow Vulnerabilities
Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
avast! Multiple Vulnerabilities - Oct09 (Win)
Adobe Photoshop Multiple Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities