CVE-2014-0011 - Out-of-bounds Write vulnerability in TigerVNC

CVSS 9.8 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Tags: network, low complexity, tigervnc, CWE-787, critical, nessus

Summary

Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-4112.NASL
    description: This update fixes CVE-2014-0011, a ZRLE decoding heap-based buffer overflow in vncviewer. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-03-25
    plugin id: 73170
    published: 2014-03-25
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73170
    title: Fedora 20 : tigervnc-1.3.0-14.fc20 (2014-4112)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201411-03.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201411-03 (TigerVNC: User-assisted execution of arbitrary code) Two boundary errors in TigerVNC could lead to a heap-based buffer overflow. Impact : A remote attacker could entice a user to connect to a malicious VNC server using TigerVNC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78881
    published: 2014-11-06
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78881
    title: GLSA-201411-03 : TigerVNC: User-assisted execution of arbitrary code
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2015-576.NASL
    description: A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute arbitrary code with the permissions of the user running it.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85231
    published: 2015-08-05
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85231
    title: Amazon Linux AMI : tigervnc (ALAS-2015-576)
  • NASL family: CGI abuses
    NASL id: TIGERVNC_1_3_1.NASL
    description: According to its self-identified version number, the TigerVNC install hosted on the remote web server is affected by a heap-based buffer overflow vulnerability. A flaw exists when performing bounds check during ZRLE decoding. This could allow a remote attacker with a malicious server and a specially crafted request to execute arbitrary code. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73339
    published: 2014-04-04
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73339
    title: TigerVNC < 1.3.1 ZRLE Heap-based Buffer Overflow
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-4180.NASL
    description: This update fixes CVE-2014-0011, a ZRLE decoding heap-based buffer overflow in vncviewer. This update contains some small fixes for issues that could cause the server or the viewer to crash, and includes a change that makes vncserver create clearer xstartup files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-04-07
    plugin id: 73352
    published: 2014-04-07
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73352
    title: Fedora 19 : tigervnc-1.3.0-10.fc19 (2014-4180)

Seebug

  • bulletinFamily: exploit
    description: CVE ID: CVE-2014-0011 TigerVNC is an advanced VNC implementation. Because of a boundary error in the "ZRLE_DECODE()" function (common/rfb/zrleDecode.h), an attacker can exploit the vulnerability to cause a buffer overflow. 0 TigerVNC 1.x TigerVNC 1.3.1 has fixed this vulnerability; users are advised to download and use it: http://sourceforge.net/projects/tigervnc/
    id: SSV:61896
    last seen: 2017-11-19
    modified: 2014-03-21
    published: 2014-03-21
    reporter: Root
    title: TigerVNC "ZRLE_DECODE()" buffer overflow vulnerability