Rapid7 Vulnerability & Exploit Database

RHSA-2009:0261: vnc security update

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 01/16/2009
Created: 07/25/2018
Added: 02/22/2009
Modified: 07/04/2017

Description

Virtual Network Computing (VNC) is a remote display system which allows you to view a computer's "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

An insufficient input validation flaw was discovered in the VNC client application, vncviewer. If an attacker could convince a victim to connect to a malicious VNC server, or when an attacker was able to connect to vncviewer running in the "listen" mode, the attacker could cause the victim's vncviewer to crash or, possibly, execute arbitrary code. (CVE-2008-4770)

Users of vncviewer should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all running instances of vncviewer must be restarted after the update is installed.

Solution(s)

  • redhat-upgrade-vnc
  • redhat-upgrade-vnc-server
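
The restart requirement in the description can be verified on a host after the packages are upgraded. The script below is an added example, not part of the advisory; it assumes a Linux /proc filesystem, and its function names and sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find vncviewer processes that are
# still executing the pre-update binary and therefore still need a restart.
# Assumption: Linux /proc. Run as root to inspect other users' processes.

# Print the PID of every process whose executable is a vncviewer binary that
# has been replaced on disk. $1 is the proc root (default /proc), a parameter
# so the check can be run against a constructed tree.
stale_vncviewer_pids() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # /proc/PID/exe links to the running executable; the kernel appends
        # " (deleted)" once that file is unlinked, which happens when the
        # package manager installs the new binary over the old one.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            */vncviewer" (deleted)") echo "${dir##*/}" ;;
        esac
    done
}

# Constructed sample tree standing in for /proc (hypothetical PIDs and paths).
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/101" "$root/102" "$root/103" "$root/205"
    ln -s "/usr/bin/vncviewer (deleted)" "$root/101/exe"  # started before update
    ln -s "/usr/bin/vncviewer"           "$root/102/exe"  # started after update
    ln -s "/usr/bin/bash"                "$root/103/exe"  # unrelated process
    ln -s "/usr/bin/vncviewer (deleted)" "$root/205/exe"  # started before update
    echo "$root"
}

sample=$(make_sample_proc)
echo "stale vncviewer PIDs in sample tree:"
stale_vncviewer_pids "$sample"
rm -rf "$sample"
```

Calling stale_vncviewer_pids with no argument inspects the live /proc; any PID it prints belongs to a vncviewer instance started before the update.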
