Mandriva Update For Vinagre MDVSA-2008:240 (vinagre) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Alfredo Ortega found a flaw in how Vinagre uses format strings. A remote attacker could exploit this vulnerability if they were able to trick a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. With older versions of Vinagre, it was possible to execute arbitrary code with user privileges. In later versions, Vinagre would abort, leading to a denial of service. The updated packages have been patched to prevent this issue.

Affected

vinagre on Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64, Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64

Severity

Classification

CVE CVE-2008-5660

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:177 (ruby)
Mandrake Security Advisory MDVSA-2009:160 (ruby)
Mandrake Security Advisory MDVSA-2009:080 (glib2.0)
Mandrake Security Advisory MDVSA-2009:034 (squid)
Mandrake Security Advisory MDVSA-2009:027 (cups)

Mandriva Update for vinagre MDVSA-2008:240 (vinagre)

Take action and discover your vulnerabilities