<?xml version="1.0" encoding="utf-8"?>
<glsa id="200903-17">
<title>Real VNC: User-assisted execution of arbitrary code</title>
The Real VNC client is vulnerable to execution of arbitrary code when
connecting to a malicious server.
<product type="ebuild">vnc</product>
<announced>March 09, 2009</announced>
<revised>March 09, 2009: 01</revised>
<package name="net-misc/vnc" auto="yes" arch="*">
<unaffected range="ge">4.1.3</unaffected>
<vulnerable range="lt">4.1.3</vulnerable>
Real VNC is a remote desktop viewer display system.
An unspecified vulnerability has been discovered in the
CMsgReader::readRect() function in the VNC Viewer component, related to
the encoding type of RFB protocol data.
<impact type="normal">
A remote attacker could entice a user to connect to a malicious VNC
server, or leverage Man-in-the-Middle attacks, to cause the execution
of arbitrary code with the privileges of the user running the VNC
There is no known workaround at this time.
All Real VNC users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-misc/vnc-4.1.3&quot;</code>
<uri link="">CVE-2008-4770</uri>
<metadata tag="requester" timestamp="Wed, 28 Jan 2009 00:30:00 +0000">
<metadata tag="submitter" timestamp="Thu, 12 Feb 2009 16:35:19 +0000">
<metadata tag="bugReady" timestamp="Thu, 12 Feb 2009 16:35:29 +0000">