Solution
Please Install the Updated Packages.
Insight
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when being advertised large screen sizes by the server. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling factor values. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. (CVE-2014-6054)
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory in the file transfer feature. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-6055)
Affected
libvncserver on Ubuntu 14.04 LTS ,
Ubuntu 12.04 LTS
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities