
VNC client remote "double free()" overflow by linked zlib in java and other
3rd Apr 2002 [SBWID-5233]
COMMAND

	VNC client remote "double free()" overflow by linked zlib in java and
	other

SYSTEMS AFFECTED

	The following VNC viewers ARE vulnerable and should be upgraded:
	

	 * TightVNC viewer prior to version 1.2.3

	 * TridiaVNC viewer prior to version 1.5.6 (Win32)

	 * TridiaVNC Pro viewer prior to version 1.2.00 (Win32)

	 * TridiaVNC Unix viewers up to and including version 1.4.00

	 * VNCThing prior to version 2.3 for Mac OS 8/9/X

	 * VNC Viewer and Server for Apple Newton

	 * VNC Viewer for Java - the JRE / browser is the problem

	

	Unaffected versions:
	 

	 No VNC server is affected by the gzip long filename issue. 

	

	 * AT&T VNC - any past or current viewer on all platforms, including
	   Win32, Xvnc, and the beta WinCE

	 * TightVNC 1.2.3 or later

	 * ChromiVNC v3.4 alpha 5 for MacOS (68k and PPC platforms)

	 * VNCThing 2.3 or later

	 * TridiaVNC viewer 1.5.6 and later (Win32)

	 * TridiaVNC Pro viewer 1.2.00 and later (Win32)

	 * Geos (Nokia 9000) VNCGEO10

	 * OS/2: VNC Viewer for OS/2 PM 1.00

	 * PalmOS: PalmVNC 1.40

	 * RiscOS: !VNC (any version)

	 * VMS: AT&T VNC VNC333R1VMS011 package

	

PROBLEM

	From the VNC security bulletin
	 [http://www.evilsecurity.com/vnc/vnc-zlib-advisory-02.htm]:

	An exploit may be possible if all of the following hold:
	

	* A zlib-capable VNC server;
	

	* A zlib-capable VNC viewer must successfully log on to the above
	  zlib-enabled VNC server;

	

	* The server must send the faulty stream - requires a very specific
	  stream injection or a trojaned server; and

	

	* The VNC viewer's operating system or libc implementation must have a
	  memory allocator that behaves in roughly the same fashion as GNU
	  libc's malloc()/free() in a double free situation

SOLUTION

	* TightVNC 1.2.3 is available as of this posting. All users of
	  TightVNC are strongly encouraged to upgrade. 

	

	* VNCThing 2.3 should be available around the time of this posting.
	  All users of VNCThing should upgrade as soon as it is available. 

	  

	* TridiaVNC 1.5.6 (Win32) should be available shortly. All users of
	  TridiaVNC should upgrade to 1.5.6 as soon as it is available.

	  

	* TridiaVNC Pro 1.2.00 (Win32) is now available. All users of
	  TridiaVNC Pro (Win32) should upgrade to 1.2.00
