Overview
A buffer overflow in the WinVNC server on Windows systems can allow an intruder to gain control of the VNC server and execute arbitrary code with the privileges of the user running the server.
Description
AT&T WinVNC is a free software package available from AT&T Labs Cambridge that allows users to interact with the desktop of a remote Windows host. By providing a specially crafted HTTP request to the VNC server, an attacker can overflow a buffer in Log.cpp, resulting in access to the VNC server and the ability to execute arbitrary code with the privileges of the user running the server. It is worth noting that the VNC server does not listen on 80/tcp by default. See the following url: |
Impact
Local and remote users can execute arbitrary code with the privileges of the user running the server. |
Solution
Apply this patch while inside the vnc_winsrc/winvnc --- Log.cpp Mon Jan 15 18:17:46 2001 |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
Our thanks to CORE SDI for the information contained in their bulletin.
This document was written by Ian A. Finlay and is based on information obtained from a Core SDI Security Advisory.
Other Information
CVE IDs: | CVE-2001-0168 |
Severity Metric: | 12.60 |
Date Public: | 2001-01-29 |
Date First Published: | 2001-06-28 |
Date Last Updated: | 2001-06-28 15:57 UTC |
Document Revision: | 32 |