Package: vino
Severity: grave
Tags: security

Hi,
the following vulnerability was published for vino.

CVE-2013-5745[0]:
| Persistent DoS Vulnerability in Vino VNC Server
|
| This vulnerability is triggered when the user is required to enter a password.
| The server closes the client connection on receiving an unexpected input
| sequence from the client.
|
| The unprocessed client data remains in the buffer; the server does not remove
| them from buffer since the client connection has been closed.
| The result is an infinite loop at the do-while (more_data_pending
| (rfb_client->sock)) in vino-server.c:415
| The gdm and vino-server processes together take up 100% CPU, causing denial of
| service (see screenshot).
| In our tests, the DOS is triggered when the same input sequence is replayed
| twice (see pcap).
|
| vino-server.c:415 (vino 2.26.1):
| 407:vino_server_client_data_pending (GIOChannel *source,
| 408:                                 GIOCondition condition,
| 409:                                 rfbClientPtr rfb_client)
| 410:{
| 411:  if (rfb_client->onHold)
| 412:    return TRUE;
| 414:  do {
| 415:    rfbProcessClientMessage (rfb_client);
| 416:  } while (more_data_pending (rfb_client->sock));
|
| The original 2.26.1 binary, pcap and screenshot are attached with this email.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745
    http://security-tracker.debian.org/tracker/CVE-2013-5745
    https://bugzilla.gnome.org/show_bug.cgi?id=641811

Please adjust the affected versions in the BTS as needed.

-- 
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0AAAA
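Added example (not part of the report above and not vino's code): a simplified model of the loop shape the advisory describes, run over a local socketpair with constructed input, next to a variant that stops once the client has been marked closed. It assumes more_data_pending() is a zero-timeout select() readability poll; struct client, process_client_message(), run_loop() and the one-byte "protocol" ('A' is the only expected byte) are hypothetical.

```c
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

struct client { int sock; int closed; };  /* hypothetical stand-in for rfbClientPtr */

/* Zero-timeout readability poll (assumed shape of more_data_pending). */
static int more_data_pending(int fd)
{
    struct timeval tv = { 0, 0 };
    fd_set rfds;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    return select(fd + 1, &rfds, NULL, NULL, &tv) > 0;
}

/* Unexpected input marks the client closed; the rest stays unread. */
static void process_client_message(struct client *c)
{
    char b;
    if (!c->closed && read(c->sock, &b, 1) == 1 && b != 'A')
        c->closed = 1;
}

/* Returns the number of loop iterations (0 if the input could not be queued).
 * guarded=0 is the reported loop shape; guarded=1 also stops once the client
 * is closed. cap bounds the demo so the unguarded case terminates. */
int run_loop(int guarded, int cap)
{
    int sv[2], n = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    struct client c = { sv[0], 0 };
    if (write(sv[1], "AXZZ", 4) == 4) {  /* constructed: one valid byte, then junk */
        do {
            process_client_message(&c);
            n++;
        } while (n < cap && !(guarded && c.closed) && more_data_pending(c.sock));
    }
    close(sv[0]);
    close(sv[1]);
    return n;
}

int main(void)
{
    printf("unguarded=%d guarded=%d\n", run_loop(0, 1000), run_loop(1, 1000));
}
```

In the unguarded run only the cap ends the loop, because the unread bytes keep the socket readable after the client is marked closed; the guarded run exits on the iteration that closes the client.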