UltraVNC Multiple Remote Error Logging Buffer Overflow Vulnerabilities
BID:17378
| Bugtraq ID: | 17378 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2006 12:00AM |
| Updated: | Jun 21 2006 09:55PM |
| Credit: | Luigi Auriemma discovered these issues. |
| Vulnerable: | Ultr@VNC Ultr@VNC 1.0.1 |
| Not Vulnerable: | Ultr@VNC Ultr@VNC 1.0.2 |
Discussion
UltraVNC is susceptible to multiple error-logging remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.
A successful attack may allow remote attackers to execute arbitrary code on a vulnerable computer to gain unauthorized access in the context of the application.
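The bug class described above, as an added C example (not UltraVNC's code and not taken from the advisory): an error-log formatter that bounds the copy with `vsnprintf` and reports truncation instead of overrunning the buffer. The function name `log_format_bounded`, the buffer size and the oversized peer string are assumptions constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 64 /* assumed size; the advisory gives no buffer sizes */

/* Unsafe pattern of this bug class, for contrast (comment only):
 *     char line[LOG_LINE_MAX];
 *     vsprintf(line, fmt, ap);   // no limit: a long peer string overruns line[]
 */

/* Hypothetical helper: format an error message into dst, never writing more
 * than dstsz bytes. Returns 0 if it fit, 1 if truncated, -1 on bad arguments
 * or a formatting error. On 0 and 1 dst is NUL-terminated. */
int log_format_bounded(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstsz == 0 || fmt == NULL)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap); /* writes at most dstsz-1 chars + NUL */
    va_end(ap);
    if (n < 0) {                        /* encoding/format error */
        dst[0] = '\0';
        return -1;
    }
    if ((size_t)n >= dstsz) {           /* n is the length that was needed */
        if (dstsz > 4)
            memcpy(dst + dstsz - 4, "...", 4); /* visible truncation marker */
        return 1;
    }
    return 0;
}

int main(void)
{
    char line[LOG_LINE_MAX];
    char peer[300]; /* constructed stand-in for an oversized peer-supplied string */
    int rc;

    memset(peer, 'A', sizeof peer - 1);
    peer[sizeof peer - 1] = '\0';
    rc = log_format_bounded(line, sizeof line, "connection failed: %s", peer);
    printf("rc=%d len=%zu line=%s\n", rc, strlen(line), line);
    return 0;
}
```

A return value of 1 is worth logging or counting in its own right, since a peer string far longer than any legitimate error message is a useful detection signal.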
Exploit / POC
Proof-of-concept exploit code designed to crash both clients and servers is available.
Exploit code designed to execute 'calc' on Microsoft Windows in clients is available.
Solution / Fix
Solution:
The vendor has released version 1.0.2 to address this issue. Users are advised to contact the vendor for details on obtaining the appropriate updates.
References
References:
- UltraVNC 1.0.2 Test (ter) is online for testing (UltraSam)
- UltraVNC Home Page (UltraVNC)
- Buffer-overflow in Ultr@VNC 1.0.1 viewer and server (Luigi Auriemma)