GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Fri Mar 06, 2009 10:26 pm Post subject: [ GLSA 200903-01 ] Vinagre: User-assisted execution of arbit
Gentoo Linux Security Advisory
Title: Vinagre: User-assisted execution of arbitrary code (GLSA 200903-01)
Severity: normal
Exploitable: remote
Date: March 06, 2009
Bug(s): #250314
ID: 200903-01
Synopsis
A format string error in Vinagre may allow for the execution of arbitrary
code.
Background
Vinagre is a VNC Client for the GNOME Desktop.
Affected Packages
Package: net-misc/vinagre
Vulnerable: < 0.5.2
Unaffected: >= 0.5.2
Architectures: All supported architectures
Description
Alfredo Ortega (Core Security Technologies) reported a format string
error in the vinagre_utils_show_error() function in
src/vinagre-utils.c.
Impact
A remote attacker could entice a user into opening a specially crafted
.vnc file or connecting to a malicious server, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.
Workaround
There is no known workaround at this time.
Resolution
All Vinagre users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/vinagre-0.5.2"
References
CVE-2008-5660
Last edited by GLSA on Wed May 07, 2014 4:28 am; edited 4 times in total
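The class of bug named in the Description, a format string error in an error-display helper, shown as an added example that is not part of the advisory and is not Vinagre's code. The helper names are hypothetical, and snprintf() is an assumed stand-in for whatever printf-style call the real function makes.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical error helpers, not Vinagre's code. Both build the text
 * that an error dialog would display from a caller-supplied message. */

/* Vulnerable pattern: the message itself is the format string, so any
 * conversion specifier it contains is interpreted by snprintf().
 * gcc and clang report this call under -Wformat-security. */
static int format_error_unsafe(char *out, size_t n, const char *message)
{
    return snprintf(out, n, message);
}

/* Hardened pattern: constant format, untrusted text passed as data. */
static int format_error_safe(char *out, size_t n, const char *message)
{
    return snprintf(out, n, "%s", message);
}

/* Returns 1 if the helper reproduced the message byte for byte. */
static int preserved(int (*fn)(char *, size_t, const char *),
                     const char *message)
{
    char buf[128];
    fn(buf, sizeof buf, message);
    return strcmp(buf, message) == 0;
}

int main(void)
{
    /* Constructed input. "%%" consumes no argument, so the unsafe call
     * is still well defined here while showing that the text is parsed. */
    const char *msg = "Error connecting to host: 100%% packet loss";

    printf("unsafe helper preserved message: %d\n",
           preserved(format_error_unsafe, msg));
    printf("safe helper preserved message:   %d\n",
           preserved(format_error_safe, msg));
    return 0;
}
```

Building with `-Wformat -Werror=format-security` turns the vulnerable call into a compile error, which catches this pattern before it ships.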