
CVE-2013-5745

Date: (C)2013-10-09   (M)2016-07-22
 
CVSS Score: 7.1
Exploitability Subscore: 8.6
Impact Subscore: 6.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

Reference:
SECUNIA-55090
RHSA-2013:1452
SUSE-SU-2013:1631
USN-1980-1
https://bugzilla.gnome.org/show_bug.cgi?id=641811
https://bugzilla.gnome.org/show_bug.cgi?id=707905
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt

CPE    122
cpe:/a:david_king:vino:3.7.3
cpe:/a:david_king:vino:3.5.90
cpe:/a:david_king:vino:3.5.92
cpe:/a:david_king:vino:3.5.2
...
CWE    1
CWE-20
OVAL    7
oval:org.secpod.oval:def:701440
oval:org.secpod.oval:def:501120
oval:org.secpod.oval:def:202955
oval:org.secpod.oval:def:202958
...

© 2013 SecPod Technologies