Debian Security Advisory DSA 1716-1 (vnc4) Network Vulnerability

Summary

The remote host is missing an update to vnc4 announced via advisory DSA 1716-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201716-1

Insight

It was discovered that xvnc4viewer, a virtual network computing client software for X, is prone to an integer overflow via a malicious encoding value that could lead to arbitrary code execution. For the stable distribution (etch) this problem has been fixed in version 4.1.1+X4.3.0-21+etch1. For the unstable (sid) distribution this problem has been fixed in version 4.1.1+X4.3.0-31. For the testing (lenny) distribution this problem will be fixed soon. We recommend that you upgrade your vnc4 packages.

Severity

Classification

CVE CVE-2008-4770

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 054-1 (cron)
Debian Security Advisory DSA 1005-1 (xine-lib)
Debian Security Advisory DSA 1033-1 (horde3)
Debian Security Advisory DSA 102-1 (at)
Debian Security Advisory DSA 026-1 (bind)

Take action and discover your vulnerabilities