CVE-2014-6055

2014-09-2400:00:00

ubuntu.com

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.4%

JSON

Multiple stack-based buffer overflows in the File Transfer feature in
rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated
users to cause a denial of service (crash) and possibly execute arbitrary
code via a (1) long file or (2) directory name or the (3) FileTime
attribute in a rfbFileTransferOffer message.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6055>

Notes

Author	Note
mdeslaur	fix may break ABI

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchitalc< 1:2.0.2+dfsg1-4ubuntu0.1UNKNOWN
ubuntu14.04noarchkrfb< 4:4.13.3-0ubuntu1.1UNKNOWN
ubuntu12.04noarchlibvncserver< 0.9.8.2-2ubuntu1.1UNKNOWN
ubuntu14.04noarchlibvncserver< 0.9.9+dfsg-1ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	italc	< 1:2.0.2+dfsg1-4ubuntu0.1	UNKNOWN
ubuntu	14.04	noarch	krfb	< 4:4.13.3-0ubuntu1.1	UNKNOWN
ubuntu	12.04	noarch	libvncserver	< 0.9.8.2-2ubuntu1.1	UNKNOWN
ubuntu	14.04	noarch	libvncserver	< 0.9.9+dfsg-1ubuntu1.1	UNKNOWN