Vulnerability Name: CVE-2014-6052

Assigned: 2014-09-01
Published: 2014-09-23
Updated: 2016-12-21
Summary: The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
CVSS v3 Severity: 7.3 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
CVSS v2 Severity: 4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
Vulnerability Type: CWE-20, CWE-476
References:

Source: SUSE
Type: UNKNOWN
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html

Source: MLIST
Type: VENDOR_ADVISORY
http://seclists.org/oss-sec/2014/q3/639

Source: UBUNTU
Type: VENDOR_ADVISORY
http://ubuntu.com/usn/usn-2365-1

Source: DEBIAN
Type: VENDOR_ADVISORY
http://www.debian.org/security/2014/dsa-3081

Source: MISC
Type: VENDOR_ADVISORY
http://www.ocert.org/advisories/ocert-2014-007.html

Source: MLIST
Type: VENDOR_ADVISORY
http://www.openwall.com/lists/oss-security/2014/09/25/11

Source: CONFIRM
Type: VENDOR_ADVISORY
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: BID
Type: UNKNOWN
70091

Source: CONFIRM
Type: PATCH
https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812

Source: GENTOO
Type: UNKNOWN
https://security.gentoo.org/glsa/201507-07

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20146052 | V | CVE-2014-6052 | 2017-09-24
oval:org.mitre.oval:def:28208 | P | RHSA-2014:1826 -- libvncserver security update (Moderate) | 2015-01-26
oval:org.mitre.oval:def:28422 | P | DSA-3081-1 -- libvncserver security update | 2015-01-26
oval:org.mitre.oval:def:28316 | P | ELSA-2014-1826 -- libvncserver security update (moderate) | 2014-12-29
oval:com.ubuntu.precise:def:20146052000 | V | CVE-2014-6052 on Ubuntu 12.04 LTS (precise) - medium. | 2014-12-15
oval:com.ubuntu.trusty:def:20146052000 | V | CVE-2014-6052 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-12-15
oval:org.mitre.oval:def:27178 | P | USN-2365-1 -- libvncserver vulnerabilities | 2014-12-01
oval:com.redhat.rhsa:def:20141826 | P | RHSA-2014:1826: libvncserver security update (Moderate) | 2014-11-11
    libvncserver libvncserver 0.9.9
    oracle solaris 11.3
    debian debian_linux 7.0
    canonical ubuntu_linux 12.04
    canonical ubuntu_linux 14.04
    redhat enterprise_linux 7
    redhat enterprise_linux 6