Bug 480590 (CVE-2008-4770)

Summary: CVE-2008-4770 vnc: vncviewer insufficient encoding value validation in CMsgReader::readRect
Product: [Other] Security Response
Reporter: Tomas Hoger <thoger>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: atkac, kreilly, twaugh
Keywords: Security
Hardware: All
OS: Linux
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4770
Doc Type: Bug Fix
Last Closed: 2010-03-29 08:51:44 UTC
Bug Depends On: 481331, 833987, 471777, 481328, 481329, 481330, 1017870
Attachments: Upstream patch (flags: none)

Description Tomas Hoger 2009-01-19 11:10:40 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4770 to the following vulnerability:

The CMsgReader::readRect function in the VNC Viewer component in
RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0
through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote
VNC servers to execute arbitrary code via crafted RFB protocol data,
related to "encoding type."

References:
http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html
http://realvnc.com/products/free/4.1/release-notes.html
http://www.realvnc.com/products/upgrade.html
http://xforce.iss.net/xforce/xfdb/47937
http://www.securityfocus.com/bid/33263
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1

Comment 1 Tomas Hoger 2009-01-19 11:14:21 UTC
Created attachment 329323
Upstream patch

Diff of CMsgReader.cxx between 4.1.2 and 4.1.3.

Comment 11 Fedora Update System 2009-01-27 01:50:49 UTC
vnc-4.1.3-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2009-01-27 01:51:38 UTC
vnc-4.1.3-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.