Vulnerabilities > CVE-2014-0011 - Out-of-bounds Write vulnerability in Tigervnc
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2014-4112.NASL description This update fixes CVE-2014-0011, a ZRLE decoding heap-based buffer overflow in vncviewer. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-03-25 plugin id 73170 published 2014-03-25 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73170 title Fedora 20 : tigervnc-1.3.0-14.fc20 (2014-4112) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201411-03.NASL description The remote host is affected by the vulnerability described in GLSA-201411-03 (TigerVNC: User-assisted execution of arbitrary code) Two boundary errors in TigerVNC could lead to a heap-based buffer overflow. Impact : A remote attacker could entice a user to connect to a malicious VNC server using TigerVNC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 78881 published 2014-11-06 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78881 title GLSA-201411-03 : TigerVNC: User-assisted execution of arbitrary code NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-576.NASL description A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute arbitrary code with the permissions of the user running it. last seen 2020-06-01 modified 2020-06-02 plugin id 85231 published 2015-08-05 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85231 title Amazon Linux AMI : tigervnc (ALAS-2015-576) NASL family CGI abuses NASL id TIGERVNC_1_3_1.NASL description According to its self-identified version number, the TigerVNC install hosted on the remote web server is affected by a heap-based buffer overflow vulnerability. A flaw exists when performing bounds check during ZRLE decoding. This could allow a remote attacker with a malicious server and a specially crafted request to execute arbitrary code. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 73339 published 2014-04-04 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73339 title TigerVNC < 1.3.1 ZRLE Heap-based Buffer Overflow NASL family Fedora Local Security Checks NASL id FEDORA_2014-4180.NASL description This update fixes CVE-2014-0011, a ZRLE decoding heap-based buffer overflow in vncviewer. This update contains some small fixes for issues that could cause the server or the viewer to crash, and includes a change that makes vncserver create clearer xstartup files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-04-07 plugin id 73352 published 2014-04-07 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73352 title Fedora 19 : tigervnc-1.3.0-10.fc19 (2014-4180)
Seebug
| bulletinFamily | exploit |
| description | CVE ID:CVE-2014-0011 TigerVNC是一种先进的VNC的实现。 由于"ZRLE_DECODE()"功能(common/rfb/zrleDecode.h)存在边界错误,攻击者可以利用漏洞导致缓冲区溢出。 0 TigerVNC 1.x TigerVNC 1.3.1版本以修复此漏洞,建议用户下载使用: http://sourceforge.net/projects/tigervnc/ |
| id | SSV:61896 |
| last seen | 2017-11-19 |
| modified | 2014-03-21 |
| published | 2014-03-21 |
| reporter | Root |
| title | TigerVNC "ZRLE_DECODE()"缓冲区溢出漏洞 |