Vulnerability CVE-2008-4770 - CERT Civis.Net

Vulnerability Name:

CVE-2008-4770 (CCN-47937)

Assigned:

2008-11-26

Published:

2008-11-26

Updated:

2017-09-29

Summary:

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-4770

Source: CCN
Type: RHSA-2009-0261
Moderate: vnc security update

Source: CCN
Type: SA32317
RealVNC VNC Viewer "CMsgReader::readRect()" Encoding Type Vulnerability

Source: SECUNIA
Type: UNKNOWN
32317

Source: CCN
Type: SA33068
Sun Solaris VNCViewer Vulnerability

Source: SECUNIA
Type: UNKNOWN
33689

Source: SECUNIA
Type: UNKNOWN
34184

Source: CONFIRM
Type: Patch, Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1

Source: SUNALERT
Type: Vendor Advisory
248526

Source: CCN
Type: Sun Alert ID: 248526
A Security Vulnerability in the vncviewer(1) RFB Protocol Validation May Allow Execution of Arbitrary Code and Lead to a Denial of Service (DoS)

Source: CCN
Type: ASA-2009-029
A Security Vulnerability in the vncviewer(1) RFB Protocol Validation May Allow Execution of Arbitrary Code and Lead to a Denial of Service (DoS) (Sun 248526)

Source: CCN
Type: ASA-2009-062
vnc security update (RHSA-2009-0261)

Source: CCN
Type: NORTEL BULLETIN ID: 2009009313, Rev 1
Nortel Response to Sun Alert 248526 - Solaris vncviewer(1) RFB Protocol Validation

Source: DEBIAN
Type: DSA-1716
vnc4 -- integer overflow

Source: CCN
Type: GLSA-200903-17
Real VNC: User-assisted execution of arbitrary code

Source: GENTOO
Type: UNKNOWN
GLSA-200903-17

Source: CCN
Type: RealVNC Web site
RealVNC - RealVNC remote control software

Source: CCN
Type: VNC-List Mailing List
VNC Viewer Vulnerability CVE-2008-4770

Source: MLIST
Type: UNKNOWN
[vnc-list] 20081126 VNC Viewer Vulnerability CVE-2008-4770

Source: CONFIRM
Type: UNKNOWN
http://www.realvnc.com/products/free/4.1/release-notes.html

Source: CONFIRM
Type: Vendor Advisory
http://www.realvnc.com/products/upgrade.html

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0261

Source: BID
Type: UNKNOWN
31832

Source: CCN
Type: BID-31832
RealVNC 4.1.2 'CMsgReader::readRect()' Remote Code Execution Vulnerability

Source: BID
Type: UNKNOWN
33263

Source: CCN
Type: BID-33263
RealVNC 4.1.2 'vncviewer.exe' RFB Protocol Remote Code Execution Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-2868

Source: XF
Type: UNKNOWN
realvnc-cmsgreader-code-execution(45969)

Source: XF
Type: UNKNOWN
realvnc-rfb-protocol-code-execution(47937)

Source: XF
Type: UNKNOWN
realvnc-rfb-protocol-code-execution(47937)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9367

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-1001

Vulnerable Configuration:

Configuration 1:

cpe:/a:realvnc:realvnc:4.0:*:free:*:*:*:*:*

OR cpe:/a:realvnc:realvnc:4.1.2:*:free:*:*:*:*:*

OR cpe:/a:realvnc:realvnc:4.4.2:*:enterprise:*:*:*:*:*

OR cpe:/a:realvnc:realvnc:e4.0:*:enterprise:*:*:*:*:*

OR cpe:/a:realvnc:realvnc:p4.0:*:personal:*:*:*:*:*

OR cpe:/a:realvnc:realvnc:p4.4.2:*:personal:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/a:realvnc:realvnc:4.1.2::free:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_89::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_89::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_95::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_95::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_88::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_75::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_76::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_78::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_81::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_82::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_84::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_85::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_87::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_86::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_74::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_77::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_83::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_77::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_74::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_76::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_75::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_78::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_84::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_83::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_86::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_85::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_87::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_80::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_82::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_81::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_100::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_100::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_102::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_102::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_80::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_91::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_91::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_90::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_90::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_104::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_104::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_101::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_101::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_92::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_92::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_93::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_94::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_99::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_98::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_97::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_96::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_94::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_93::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_99::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_97::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_98::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_96::x86:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:29367	P	RHSA-2009:0261 -- vnc security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:13774	P	DSA-1716-1 vnc4 -- integer overflow	2014-06-23
oval:org.mitre.oval:def:7807	P	DSA-1716 vnc4 -- integer overflow	2014-06-23
oval:org.mitre.oval:def:22776	P	ELSA-2009:0261: vnc security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:9367	V	The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."	2013-04-29
oval:com.redhat.rhsa:def:20090261	P	RHSA-2009:0261: vnc security update (Moderate)	2009-02-11
oval:org.debian:def:1716	V	integer overflow	2009-01-31