Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » AT&T WinVNC Client Buffer Overflow Vulnerability

AT&T WinVNC Client Buffer Overflow Vulnerability

by platon on January 30th, 2001 VNC is the Virtual Network Computing package, a freely available remote administration package designed to allow access to a remote system desktop. It is distributed and maintained by AT&T...


A problem with the client portion of the package could allow a remote user to execute arbitrary code. This is due to the handling of the rfbConnFailed packet sent from the server to the client during connection and authentication. This error response normally signals the client that the connection attempt has failed, at which time the client passes the contents of the packet through a logging routine for future administrative reference. However, by spoofing the version number of the server, and sending the rfbConnFailed packet with a reason string of 1024 bytes, and a reason length of greater than 1024 bytes, an overflow will occur. This overflow could be used to overwrite stack variables, including the return address, and execute arbitrary code.
This problem makes it possible for a user with malicious motives to execute code on a remote system, with the privileges of the user of the WinVNC client.

[Homepage]



This vulnerability was discovered by Emiliano Kargieman, Agustin Azubel, and Maximiliano Caceres of Core-SDI, and announced to Bugtraq a Core-SDI Security Advisory on January 29, 2001.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »