CVE-2014-6051 – libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
https://notcve.org/view.php?id=CVE-2014-6051
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. Desbordamiento de enteros en la función MallocFrameBuffer en vncviewer.c en LibVNCServer 0.9.9 y anteriores permite a servidores remotos VNC causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un anuncio para un tamaño grande de pantalla, lo que provoca un desbordamiento de buffer basado en memoria dinámica. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-0113.html http://seclists.org/oss-sec/2014/q3/639 http://secunia.com/advisories/61506 http://www.debian.org/security/2014/dsa-3081 http://www.ocert.org/advisories/ocert-2014-007.html http://www.openwall.com/lists& • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVE-2006-2450
https://notcve.org/view.php?id=CVE-2006-2450
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369. auth.c en LibVNCServer 0.7.1 permite a atacantes remotos evitar la validación a través de una respuesta en la cual el cliente especifica un tipo de seguridad insegura como por ejemplo "Tipo 1 - None", el cual es aceptado siempre aunque no es ofrecida por el servidor, un asunto diferente que CVE-2006-2369. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376824 http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/libvncserver/auth.c?r1=1.11&r2=1.14&diff_format=u http://seclists.org/fulldisclosure/2022/May/29 http://secunia.com/advisories/20940 http://secunia.com/advisories/21179 http://secunia.com/advisories/21349 http://secunia.com/advisories/21393 http://secunia.com/advisories/21405 http://secunia.com/advisories/24525 http://security.gentoo.org/glsa/glsa-200608-05 •