Bug 1151307 (CVE-2014-8240)

Summary: CVE-2014-8240 tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
Product: [Other] Security Response Reporter: Siddharth Sharma <sisharma>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jrusnack, niveditha.rau, slawomir, twaugh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client.
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-20 05:29:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1248422    
Bug Blocks: 1210268, 1248061    
Attachments:
Description Flags
tigervnc-1.3.1-CVE-2014-8240.patch (proposed 1.3.1 patch) none

Description Siddharth Sharma 2014-10-10 05:16:57 UTC
This issue was discovered by Tim Waugh of Red Hat. Tigervnc is affected by same thing as in CVE-2014-6051. Integer overflaw leading to a heap-based buffer overflow was found in the way screen sizes were handled. A Malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client.

Comment 7 Tim Waugh 2014-10-16 11:41:25 UTC
Created attachment 947578 [details]
tigervnc-1.3.1-CVE-2014-8240.patch (proposed 1.3.1 patch)

Comment 10 errata-xmlrpc 2015-11-19 09:03:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2233 https://rhn.redhat.com/errata/RHSA-2015-2233.html

Comment 11 Huzaifa S. Sidhpurwala 2015-11-20 05:29:43 UTC
Statement:

This issue affects the version of tigervnc as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.