10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.212 Low
EPSS
Percentile
96.5%
A buffer overflow in the WinVNC server on Windows systems can allow an intruder to gain control of the VNC server and execute arbitrary code with the privileges of the user running the server.
AT&T WinVNC is a free software package available from AT&T Labs Cambridge that allows users to interact with the desktop of a remote Windows host. By providing a specially crafted HTTP request to the VNC server, an attacker can overflow a buffer in Log.cpp, resulting in access to the VNC server and the ability to execute arbitrary code with the privileges of the user running the server. It is worth noting that the VNC server does not listen on 80/tcp by default. See the following url:
<http://www.uk.research.att.com/vnc/faq.html#q52>
Local and remote users can execute arbitrary code with the privileges of the user running the server.
Apply this patch while inside the vnc_winsrc/winvnc
directory:
-– Log.cpp Mon Jan 15 18:17:46 2001
+++ Log.cpp Mon Jan 15 18:18:31 2001
@@ -130,7 +130,7 @@
// - Write the log message
TCHAR line[LINE_BUFFER_SIZE];
- vsprintf(line, format, ap);
+ _vsnprintf(line, sizeof(line)-sizeof(TCHAR), format, ap);
ReallyPrintLine(line);
}
598581
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 15, 2001 Updated: June 15, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.kb.cert.org/vuls/id/598581>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23598581 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Our thanks to CORE SDI for the information contained in their bulletin.
This document was written by Ian A. Finlay and is based on information obtained from a Core SDI Security Advisory.
CVE IDs: | CVE-2001-0168 |
---|---|
Severity Metric: | 12.60 Date Public: |