Note: This is an archival copy of Security Sun Alert 248526 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019901.1.
Solaris 10 Operating System
Date of Resolved Release
A Security Vulnerability in the vncviewer(1) RFB Protocol Validation May Allow Execution of Arbitrary Code and Lead to a Denial of Service (DoS)
The VNC viewer for X (vncviewer(1)) contains a security vulnerability within the validation function for the server-supplied RFB protocol data that may allow a remote unprivileged user to execute arbitrary code with the privileges of the local user and crash the viewer. The ability to crash the VNC viewer is a type of Denial of Service (DoS).
This issue is described in the following documents:
CVE-2008-4770 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770
2. Contributing Factors
This issue can occur in the following releases:
2. Only OpenSolaris installations including the affected binary /usr/bin/vncviewer, are impacted by this issue.
3. OpenSolaris distributions may include additional bug fixes above and beyond the base build from which it was derived. The base build can be derived as follows:
$ uname -a
There are no predictable symptoms that would indicate this issue has been exploited to execute arbitrary code.
In a Denial of Service occurrence, vncviewer(1) will exit prematurely and may generate an error message that references a segmentation violation and may also create a core(4) file.
To avoid this issue until patches can be applied, connect only to trusted VNC servers.
This issue is addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment