AT&T WinVNC Client Buffer Overflow Vulnerability
BID:2305
Info
| Bugtraq ID: | 2305 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2001-0167 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 29 2001 12:00AM |
| Updated: | Nov 02 2007 04:26PM |
| Credit: | This vulnerability was discovered by Emiliano Kargieman, Agustin Azubel, and Maximiliano Caceres of Core-SDI, and announced to Bugtraq in a Core-SDI Security Advisory on January 29, 2001. |
| Vulnerable: | AT&T WinVNC Client 3.3.3 r7, AT&T WinVNC 3.3.3 r9 |
| Not Vulnerable: | |
Discussion
VNC is the Virtual Network Computing package, a freely available remote administration package designed to allow access to a remote system desktop. It is distributed and maintained by AT&T.
A problem with the client portion of the package could allow a remote user to execute arbitrary code. This is due to the handling of the 'rfbConnFailed' packet sent from the server to the client during connection and authentication.
This issue allows an attacker to execute code on a remote system, with the privileges of the user of the WinVNC client.
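The discussion above attributes the flaw to the client's handling of the server's 'rfbConnFailed' message. As an added example (not code from VNC, Core-SDI, or the patch), here is a bounds-checked parse of that message in C. It assumes the RFB 3.3 layout of a 32-bit big-endian scheme value of 0 followed by a 32-bit reason length and the reason text; `parse_conn_failed`, `REASON_MAX` and the sample byte arrays are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RFB_CONN_FAILED 0u   /* scheme value meaning "connection failed" */
#define REASON_MAX      256u /* assumed local policy cap, not a protocol limit */
enum { ERR_TRUNCATED = -1, ERR_NOT_FAILED = -2, ERR_TOO_LONG = -3, ERR_BUF = -4 };

/* Constructed sample messages (not captured traffic). */
static const uint8_t sample_ok[]   = {0,0,0,0, 0,0,0,4, 'b','u','s','y'};
static const uint8_t sample_huge[] = {0,0,0,0, 0xff,0xff,0xff,0xff, 'A'};

/* Read a big-endian 32-bit value without alignment assumptions. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse scheme(4) | reason_len(4) | reason from msg[0..len).
 * Returns the reason length and fills out (NUL-terminated) on success;
 * returns a negative error and leaves out empty otherwise. */
int parse_conn_failed(const uint8_t *msg, size_t len, char *out, size_t out_cap)
{
    if (out == NULL || out_cap == 0) return ERR_BUF;
    out[0] = '\0';
    if (len < 4) return ERR_TRUNCATED;
    if (be32(msg) != RFB_CONN_FAILED) return ERR_NOT_FAILED;
    if (len < 8) return ERR_TRUNCATED;
    uint32_t reason_len = be32(msg + 4);
    /* The length field is server-controlled: bound it before any copy. */
    if (reason_len > REASON_MAX || reason_len >= out_cap) return ERR_TOO_LONG;
    if (reason_len > len - 8) return ERR_TRUNCATED;
    memcpy(out, msg + 8, reason_len);
    out[reason_len] = '\0';
    for (uint32_t i = 0; i < reason_len; i++)   /* make the text safe to display */
        if ((unsigned char)out[i] < 0x20 || (unsigned char)out[i] > 0x7e) out[i] = '?';
    return (int)reason_len;
}

int main(void)
{
    char buf[64];
    printf("%d\n", parse_conn_failed(sample_ok, sizeof sample_ok, buf, sizeof buf));
    printf("%d\n", parse_conn_failed(sample_huge, sizeof sample_huge, buf, sizeof buf));
    return 0;
}
```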
Exploit / POC
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
A Metasploit exploit module is available.
Solution / Fix
Solution:
A patch has been provided by Core-SDI as part of its advisory.
AT&T WinVNC Client 3.3.3 r7
- Core SDI VNC-clientBO.patch
  ftp://ftp.core-sdi.com/pub/patches/VNC-clientBO.patch