Solution
Please install the updated packages.
Insight
Virtual Network Computing (VNC) is a remote display system which allows you to view a computer's "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.
An insufficient input validation flaw was discovered in the VNC client application, vncviewer. If an attacker could convince a victim to connect to a malicious VNC server, or when an attacker was able to connect to vncviewer running in the "listen" mode, the attacker could cause the victim's vncviewer to crash or, possibly, execute arbitrary code. (CVE-2008-4770)
Users of vncviewer should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all running instances of vncviewer must be restarted after the update is installed.
Affected
vnc on CentOS 4
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-4770
CVSS Base Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities