Secunia SmallBusiness
Products
Solutions
Customers
Partner
Resources
Company
Careers
Community

CVE Reference: CVE-2011-0904
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2011-0904

Description:
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/67243

UBUNTU
  http://www.ubuntu.com/usn/usn-1128-1/

SAID
  Secunia Advisory: SA44410
  Secunia Advisory: SA44463

REDHAT
  http://rhn.redhat.com/errata/RHSA-2013-0169.html

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:087

DEBIAN
  http://www.debian.org/security/2011/dsa-2238

CONFIRM
  http://git.gnome.org/browse/vino/tree/NEWS
  http://git.gnome.org/browse/vino/log/?h=gnome-2-30
  http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d
  http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4
  http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a
  http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279
  http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f
  http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0
  http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news
  http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news
  http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news

BID
  47681


Return to the previous page.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability