Vino VNC Server Remote Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Vino VNC Server and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attacker to to cause a denial of service. Additionally, after the failure condition has occurred, the log file (~/.xsession-errors) grows quickly. Impact Level: Application

Solution

Upgrade to version 3.7.4 or later, https://wiki.gnome.org/Vino

Insight

Vulnerability is triggered when a VNC client claims to only support protocol version 3.3 and sends malformed data during the authentication selection stage of the authentication process.

Affected

Vino VNC Server version 3.7.3 and prior.

Detection

Send crafted request and check is it vulnerable to DoS or not.

References

http://osvdb.org/97419
http://www.exploit-db.com/exploits/28338
http://xforce.iss.net/xforce/xfdb/87155
https://access.redhat.com/security/cve/CVE-2013-5745
https://bugzilla.gnome.org/show_bug.cgi?id=641811
https://bugzilla.gnome.org/show_bug.cgi?id=707905

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5745
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux)
Adobe Reader/Acrobat Denial of Service Vulnerability (May09)
ActFax LPD/LPR Server Denial of Service Vulnerability
Active Perl Modules Multiple Vulnerabilities (Windows)
Checkpoint Firewall-1 UDP denial of service

Take action and discover your vulnerabilities