CVE-2014-6055
published 2014-09-30
CVE-2014-6055: Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a…
medium·6.5·CVSS 3.1
AV:N/AC:L/Au:S/C:P/I:P/A:P
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | libvncserver | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| libvncserver | libvncserver | <= 0.9.9 | — |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-1ubuntu1.1 | 0.9.9+dfsg-1ubuntu1.1 |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
CVSS provenance
nvd·6.5·MEDIUM·AV:N/AC:L/Au:S/C:P/I:P/A:P
osv·7.5·HIGH
GHSA
GHSA-ggwh-wx55-84cx: Multiple stack-based buffer overflows in the File Transfer feature in rfbserver
ghsa_unreviewed·2022-05-13
CVE-2014-6055 [MEDIUM] CWE-119 GHSA-ggwh-wx55-84cx: Multiple stack-based buffer overflows in the File Transfer feature in rfbserver
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
OSV
italc vulnerabilities
osv·2020-10-20·CVSS 7.5
CVE-2014-6051 [HIGH] italc vulnerabilities
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)
Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could use these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)
It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker could use these issues to cause a
denial of service or possibl
OSV
CVE-2014-6055: Multiple stack-based buffer overflows in the File Transfer feature in rfbserver
osv·2014-09-30·CVSS 6.5
CVE-2014-6055 [MEDIUM] CVE-2014-6055: Multiple stack-based buffer overflows in the File Transfer feature in rfbserver
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
OSV
libvncserver vulnerabilities
osv·2014-09-29·CVSS 7.5
CVE-2014-6051 [HIGH] libvncserver vulnerabilities
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a denial of service. (CVE-2014-6054)
Nicolas Ruff discovered that LibVN
Ubuntu
iTALC vulnerabilities
vendor_ubuntu·2020-10-20·CVSS 7.5
CVE-2018-20749 [HIGH] iTALC vulnerabilities
Title: iTALC vulnerabilities
Summary: Several security issues were fixed in iTALC.
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)
Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could use these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)
It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker c
Ubuntu
LibVNCServer vulnerabilities
vendor_ubuntu·2014-09-29·CVSS 7.5
CVE-2014-6051 [HIGH] LibVNCServer vulnerabilities
Title: LibVNCServer vulnerabilities
Summary: Several security issues were fixed in LibVNCServer.
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a d
Red Hat
libvncserver: server stacked-based buffer overflow flaws in file transfer handling
vendor_redhat·2014-09-23·CVSS 6.5
CVE-2014-6055 [MEDIUM] CWE-121 libvncserver: server stacked-based buffer overflow flaws in file transfer handling
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client.
Package: kdenetwork (Red Hat Enterprise Linux 5) - Not affected
Package: kdenetwork (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2014-6055: libvncserver - Multiple stack-based buffer overflows in the File Transfer feature in rfbserver....
vendor_debian·2014·CVSS 6.5
CVE-2014-6055 [MEDIUM] CVE-2014-6055: libvncserver - Multiple stack-based buffer overflows in the File Transfer feature in rfbserver....
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
Scope: local
bookworm: resolved (fixed in 0.9.9+dfsg-6.1)
bullseye: resolved (fixed in 0.9.9+dfsg-6.1)
forky: resolved (fixed in 0.9.9+dfsg-6.1)
sid: resolved (fixed in 0.9.9+dfsg-6.1)
trixie: resolved (fixed in 0.9.9+dfsg-6.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]
NOTE: this issue affect
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-5 tracking bug fo
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]
epel-7 tracking bug for libvncserver
Bugzilla
CVE-2014-6055 libvncserver: server stacked-based buffer overflow flaws in file transfer handling
bugzilla·2014-09-19·CVSS 6.5
CVE-2014-6055 [MEDIUM] CVE-2014-6055 libvncserver: server stacked-based buffer overflow flaws in file transfer handling
Two stack-based buffer overflow flaws were reported in LibVNCServer's file transfer handling. A VNC client could use these flaws to cause the VNC server to crash or, potentially, execute arbitrary code.
Upstream commits:
https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
Discussion:
(In reply to Murray McAllister from comment #0)
> Upstream commits:
>
> https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
>
The change contains:
-rfbBool rfbFilenameTranslate2UNIX(rfbClientPtr cl, char *path, char *unixPath)
+rfbBool rfbFilename
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
http://rhn.redhat.com/errata/RHSA-2015-0113.html
http://seclists.org/oss-sec/2014/q3/639
http://secunia.com/advisories/61506
http://www.debian.org/security/2014/dsa-3081
http://www.ocert.org/advisories/ocert-2014-007.html
http://www.openwall.com/lists/oss-security/2014/09/25/11
http://www.securityfocus.com/bid/70096
https://exchange.xforce.ibmcloud.com/vulnerabilities/96187
https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://security.gentoo.org/glsa/201507-07
https://usn.ubuntu.com/4587-1/
https://www.kde.org/info/security/advisory-20140923-1.txt
2014-09-30
Published