CVE-2008-4770
Published: 16 January 2009
The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
Priority
Status
Package | Release | Status |
---|---|---|
vnc4 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(4.1.1+xorg4.3.0-37ubuntu1)
|
|
maverick |
Not vulnerable
(4.1.1+xorg4.3.0-37ubuntu1)
|
|
natty |
Not vulnerable
(4.1.1+xorg4.3.0-37ubuntu1)
|
|
oneiric |
Not vulnerable
(4.1.1+xorg4.3.0-37ubuntu1)
|
|
upstream |
Released
(4.1.3)
|
|
Patches: vendor: https://bugzilla.redhat.com/attachment.cgi?id=329323 vendor: http://patch-tracking.debian.net/patch/series/view/vnc4/4.1.1+X4.3.0-31/vnc-CVE-2008-4770.diff |