Red Hat Security Advisory 2013-1452-01 - Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw to make the vino-server process enter an infinite loop when processing those incoming requests. All vino users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The GNOME session must be restarted for this update to take effect.
8918c51a4d5096f3603f0ccb0d01438f72d90b8af5cba89f0c34d75790db9bfbUbuntu Security Notice 1980-1 - Jonathan Claudius discovered that Vino incorrectly handled closing invalid connections. A remote attacker could use this issue to cause Vino to consume resources, resulting in a denial of service.
b22d7432e930f96bb7c0251a219c0f000e6805edc6cde35f9a411c55248ef6d8The Vino VNC server, which is also the default VNC server in Ubuntu (3.4.2-0ubuntu1.2), is vulnerable to a persistent denial of service vulnerability. The vulnerability is triggered when a VNC client, who claims to only support protocol version 3.3, sends malformed data during the authentication selection stage of the authentication process.
2a86c57ec668584e1c10178732acfc9a1b36983b15434b763d969877df0a7998
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed