FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vinagre -- format string vulnerability

Affected packages
vinagre < 0.5.2

Details

VuXML ID 214e8e07-d369-11dd-b800-001b77d09812
Discovery 2008-12-09
Entry 2008-12-31
Modified 2010-05-02

CORE Security Technologies reports:

A format string error has been found on the vinagre_utils_show_error() function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name.

In a web based attack scenario, the user would be required to connect to a malicious server. Successful exploitation would then allow the attacker to execute arbitrary code with the privileges of the Vinagre user.

[source]

References

Bugtraq ID 32682
CVE Name CVE-2008-5660
URL http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news
URL http://www.coresecurity.com/content/vinagre-format-string

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.