Multiple integer signedness errors... CVE-2009-0388 CNNVD-200902-084

10.0 AV AC AU C I A
发布: 2009-02-04
修订: 2018-10-11

UltraVNC和TightVNC都是开放源码的远程终端模拟软件。 UltraVNC和TightVNC客户端存在多个整数溢出漏洞,有漏洞的函数为: . 'ClientConnection::CheckBufferSize' . 'ClientConnection::CheckFileZipBufferSize' UltraVNC的1.0.2及之前版本使用有漏洞的函数: . 'ClientConnection::ReadServerCutText() : 3859' . 'ClientConnection::Authenticate() : 1701' TightVNC的1.3.9及之前版本使用有漏洞的函数: . 'ClientConnection::ReadServerCutText() : 2951' . 'ClientConnection::ReadFailureReason() : 3066' 由于代码共享,其他VNC客户端也可能受影响。整数溢出情况如下: /----------- unsigned int len; /* note the *unsigned int* */ // read len from the net len = network.read_placeholder(); // check the size to ensure the network related read buffer is of the bigger as need CheckBufferSize( len ); // or CheckZipBufferSize(len); // use network related red buffer // ... - -----------/ 这里CheckBufferSize如下: /----------- (ClientConnection.cpp) 4185: // Makes sure netbuf is at least as big as the specified size. 4186: // Note that netbuf itself may change as a result of this call. 4187: // Throws an exception on failure. 4188:...

0%
当前有4条漏洞利用/PoC
当前有3条受影响产品信息