6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.011 Low
EPSS
Percentile
84.3%
Issue Overview:
Buffer overflow in ModifiablePixelBuffer::fillRect
A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. (CVE-2017-5581)
VNC server can crash when TLS handshake terminates early:
A denial of service flaw was found in the TigerVNC’s Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. (CVE-2016-10207)
SSecurityVeNCrypt memory leak:
A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7392)
Double free via crafted fences:
A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service. (CVE-2017-7393)
Server crash via long usernames:
A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service. (CVE-2017-7394)
Integer overflow in SMsgReader::readClientCutText:
An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service. (CVE-2017-7395)
SecurityServer and ClientServer memory leaks:
A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7396)
Affected Packages:
tigervnc
Issue Correction:
Run yum update tigervnc to update your system.
New Packages:
i686:
tigervnc-debuginfo-1.8.0-1.32.amzn1.i686
tigervnc-server-module-1.8.0-1.32.amzn1.i686
tigervnc-server-1.8.0-1.32.amzn1.i686
tigervnc-1.8.0-1.32.amzn1.i686
src:
tigervnc-1.8.0-1.32.amzn1.src
x86_64:
tigervnc-1.8.0-1.32.amzn1.x86_64
tigervnc-server-module-1.8.0-1.32.amzn1.x86_64
tigervnc-server-1.8.0-1.32.amzn1.x86_64
tigervnc-debuginfo-1.8.0-1.32.amzn1.x86_64
Red Hat: CVE-2016-10207, CVE-2017-5581, CVE-2017-7392, CVE-2017-7393, CVE-2017-7394, CVE-2017-7395, CVE-2017-7396
Mitre: CVE-2016-10207, CVE-2017-5581, CVE-2017-7392, CVE-2017-7393, CVE-2017-7394, CVE-2017-7395, CVE-2017-7396
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | tigervnc-debuginfo | < 1.8.0-1.32.amzn1 | tigervnc-debuginfo-1.8.0-1.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | tigervnc-server-module | < 1.8.0-1.32.amzn1 | tigervnc-server-module-1.8.0-1.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | tigervnc-server | < 1.8.0-1.32.amzn1 | tigervnc-server-1.8.0-1.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | tigervnc | < 1.8.0-1.32.amzn1 | tigervnc-1.8.0-1.32.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | tigervnc | < 1.8.0-1.32.amzn1 | tigervnc-1.8.0-1.32.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | tigervnc-server-module | < 1.8.0-1.32.amzn1 | tigervnc-server-module-1.8.0-1.32.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | tigervnc-server | < 1.8.0-1.32.amzn1 | tigervnc-server-1.8.0-1.32.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | tigervnc-debuginfo | < 1.8.0-1.32.amzn1 | tigervnc-debuginfo-1.8.0-1.32.amzn1.x86_64.rpm |
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.011 Low
EPSS
Percentile
84.3%