CVE

CVE-2013-5745

Date: (C)2013-10-09   (M)2017-11-18 


The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

CVSS Score: 7.1
Exploit Score: 8.6
Impact Score: 6.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE





Reference:
SECUNIA-55090
RHSA-2013:1452
SUSE-SU-2013:1631
USN-1980-1
https://bugzilla.gnome.org/show_bug.cgi?id=641811
https://bugzilla.gnome.org/show_bug.cgi?id=707905
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt

CPE    122
cpe:/a:david_king:vino:3.7.3
cpe:/a:david_king:vino:3.3.3
cpe:/a:david_king:vino:3.3.1
cpe:/a:david_king:vino:2.7.91
...
CWE    1
CWE-20
OVAL    7
oval:org.secpod.oval:def:501120
oval:org.secpod.oval:def:202955
oval:org.secpod.oval:def:202958
oval:org.secpod.oval:def:1500267
...

© 2013 SecPod Technologies