csaf_redhat - rhsa-2013:0169

RHSA-2013:0169

Vulnerability from csaf_redhat - Published: 2013-01-21 22:31 - Updated: 2025-11-21 17:41

Summary

Red Hat Security Advisory: vino security update

Notes

Topic

An updated vino package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

Vino is a Virtual Network Computing (VNC) server for GNOME. It allows remote users to connect to a running GNOME session using VNC. It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote attacker who is able to access port 5900 on a system running Vino could use this flaw to read clipboard data without authenticating. (CVE-2012-4429) Two out-of-bounds memory read flaws were found in the way Vino processed client framebuffer requests in certain encodings. An authenticated client could use these flaws to send a specially-crafted request to Vino, causing it to crash. (CVE-2011-0904, CVE-2011-0905) In certain circumstances, the vino-preferences dialog box incorrectly indicated that Vino was only accessible from the local network. This could confuse a user into believing connections from external networks are not allowed (even when they are allowed). With this update, vino-preferences no longer displays connectivity and reachable information. (CVE-2011-1164) There was no warning that Universal Plug and Play (UPnP) was used to open ports on a user's network router when the "Configure network automatically to accept connections" option was enabled (it is disabled by default) in the Vino preferences. This update changes the option's description to avoid the risk of a UPnP router configuration change without the user's consent. (CVE-2011-1165) All Vino users should upgrade to this updated package, which contains backported patches to resolve these issues. The GNOME session must be restarted (log out, then log back in) for this update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated vino package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Vino is a Virtual Network Computing (VNC) server for GNOME. It allows\nremote users to connect to a running GNOME session using VNC.\n\nIt was found that Vino transmitted all clipboard activity on the system\nrunning Vino to all clients connected to port 5900, even those who had not\nauthenticated. A remote attacker who is able to access port 5900 on a\nsystem running Vino could use this flaw to read clipboard data without\nauthenticating. (CVE-2012-4429)\n\nTwo out-of-bounds memory read flaws were found in the way Vino processed\nclient framebuffer requests in certain encodings. An authenticated client\ncould use these flaws to send a specially-crafted request to Vino, causing\nit to crash. (CVE-2011-0904, CVE-2011-0905)\n\nIn certain circumstances, the vino-preferences dialog box incorrectly\nindicated that Vino was only accessible from the local network. This could\nconfuse a user into believing connections from external networks are not\nallowed (even when they are allowed). With this update, vino-preferences no\nlonger displays connectivity and reachable information. (CVE-2011-1164)\n\nThere was no warning that Universal Plug and Play (UPnP) was used to open\nports on a user\u0027s network router when the \"Configure network automatically\nto accept connections\" option was enabled (it is disabled by default) in\nthe Vino preferences. This update changes the option\u0027s description to avoid\nthe risk of a UPnP router configuration change without the user\u0027s consent.\n(CVE-2011-1165)\n\nAll Vino users should upgrade to this updated package, which contains\nbackported patches to resolve these issues. The GNOME session must be\nrestarted (log out, then log back in) for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:0169",
        "url": "https://access.redhat.com/errata/RHSA-2013:0169"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "553477",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
      },
      {
        "category": "external",
        "summary": "678846",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
      },
      {
        "category": "external",
        "summary": "694455",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
      },
      {
        "category": "external",
        "summary": "694456",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
      },
      {
        "category": "external",
        "summary": "857250",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857250"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0169.json"
      }
    ],
    "title": "Red Hat Security Advisory: vino security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:41:54+00:00",
      "generator": {
        "date": "2025-11-21T17:41:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2013:0169",
      "initial_release_date": "2013-01-21T22:31:00+00:00",
      "revision_history": [
        {
          "date": "2013-01-21T22:31:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-01-21T22:34:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:41:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                  "product_id": "6Client-6.3.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 6)",
                  "product_id": "6Server-6.3.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                  "product_id": "6Workstation-6.3.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.x86_64",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.x86_64",
                  "product_id": "vino-0:2.28.1-8.el6_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.i686",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.i686",
                  "product_id": "vino-0:2.28.1-8.el6_3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.src",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.src",
                  "product_id": "vino-0:2.28.1-8.el6_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.s390x",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.s390x",
                  "product_id": "vino-0:2.28.1-8.el6_3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
                "product": {
                  "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
                  "product_id": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino-debuginfo@2.28.1-8.el6_3?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vino-0:2.28.1-8.el6_3.ppc64",
                "product": {
                  "name": "vino-0:2.28.1-8.el6_3.ppc64",
                  "product_id": "vino-0:2.28.1-8.el6_3.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vino@2.28.1-8.el6_3?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.src",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Client-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.src",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Server-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.src",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.i686",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.s390x",
        "relates_to_product_reference": "6Workstation-6.3.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        },
        "product_reference": "vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
        "relates_to_product_reference": "6Workstation-6.3.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-0904",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2011-03-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "694455"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-0904"
        },
        {
          "category": "external",
          "summary": "RHBZ#694455",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-0904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0904"
        }
      ],
      "release_date": "2011-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests"
    },
    {
      "cve": "CVE-2011-0905",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2011-03-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "694456"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-0905"
        },
        {
          "category": "external",
          "summary": "RHBZ#694456",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-0905"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0905",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0905"
        }
      ],
      "release_date": "2011-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests"
    },
    {
      "cve": "CVE-2011-1164",
      "discovery_date": "2010-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "553477"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: vino-preferences incorrectly indicates that computer is only reachable over local network",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP).  A future update in Red Hat Enterprise Linux 6 may address this flaw.  To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled.  This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-1164"
        },
        {
          "category": "external",
          "summary": "RHBZ#553477",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-1164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-1164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1164"
        }
      ],
      "release_date": "2009-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino: vino-preferences incorrectly indicates that computer is only reachable over local network"
    },
    {
      "cve": "CVE-2011-1165",
      "discovery_date": "2011-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "678846"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the \"Configure network to automatically accept connections\" setting is enabled, which might make it easier for remote attackers to perform further attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino-preferences does not warn about UPnP especially with no password and no confirmation.",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP).  A future update in Red Hat Enterprise Linux 6 may address this flaw.  To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled.  This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-1165"
        },
        {
          "category": "external",
          "summary": "RHBZ#678846",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-1165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-1165"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1165",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1165"
        }
      ],
      "release_date": "2009-09-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vino-preferences does not warn about UPnP especially with no password and no confirmation."
    },
    {
      "cve": "CVE-2012-4429",
      "discovery_date": "2012-09-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "857250"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vino: information leak and authentication bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
          "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
          "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-4429"
        },
        {
          "category": "external",
          "summary": "RHBZ#857250",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857250"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4429",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-4429"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4429",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4429"
        }
      ],
      "release_date": "2012-06-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-21T22:31:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0169"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Client-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Client-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Server-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Server-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.src",
            "6Workstation-6.3.z:vino-0:2.28.1-8.el6_3.x86_64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.i686",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.ppc64",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.s390x",
            "6Workstation-6.3.z:vino-debuginfo-0:2.28.1-8.el6_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vino: information leak and authentication bypass"
    }
  ]
}

CVE-2011-1164 (GCVE-0-2011-1164)

Vulnerability from cvelistv5 – Published: 2013-03-12 22:00 – Updated: 2024-08-06 22:14

Summary

Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2013-0169.html	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.gnome.org/show_bug.cgi?id=596190	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=553477	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:28.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2013:0169",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=596190"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-03-12T22:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2013:0169",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=596190"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1164",
    "datePublished": "2013-03-12T22:00:00Z",
    "dateReserved": "2011-03-03T00:00:00Z",
    "dateUpdated": "2024-08-06T22:14:28.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4429 (GCVE-0-2012-4429)

Vulnerability from cvelistv5 – Published: 2012-10-01 00:00 – Updated: 2024-08-06 20:35

Summary

Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2013-0169.html	vendor-advisoryx_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.openwall.com/lists/oss-security/2012/09/14/1	mailing-listx_refsource_MLIST
	http://www.ubuntu.com/usn/USN-1701-1	vendor-advisoryx_refsource_UBUNTU
	http://www.securityfocus.com/bid/55548	vdb-entryx_refsource_BID
	http://www.openwall.com/lists/oss-security/2012/0…	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/50527	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:09.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2013:0169",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
          },
          {
            "name": "vino-clipboard-info-disclosure(78602)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78602"
          },
          {
            "name": "[oss-security] 20120913 Re: CVE request: information leak in vino",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/09/14/1"
          },
          {
            "name": "USN-1701-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1701-1"
          },
          {
            "name": "55548",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55548"
          },
          {
            "name": "[oss-security] 20120913 CVE request: information leak in vino",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/09/13/25"
          },
          {
            "name": "50527",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50527"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2013:0169",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
        },
        {
          "name": "vino-clipboard-info-disclosure(78602)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78602"
        },
        {
          "name": "[oss-security] 20120913 Re: CVE request: information leak in vino",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/09/14/1"
        },
        {
          "name": "USN-1701-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1701-1"
        },
        {
          "name": "55548",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55548"
        },
        {
          "name": "[oss-security] 20120913 CVE request: information leak in vino",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/09/13/25"
        },
        {
          "name": "50527",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50527"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4429",
    "datePublished": "2012-10-01T00:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:09.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1165 (GCVE-0-2011-1165)

Vulnerability from cvelistv5 – Published: 2013-03-12 22:00 – Updated: 2024-08-06 22:14

Summary

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2013-0169.html	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.gnome.org/show_bug.cgi?id=594521	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=678846	x_refsource_MISC
	http://git.gnome.org/browse/vino/commit/?id=410bb…	x_refsource_CONFIRM
	http://www.dslreports.com/forum/r25446313-Ubuntu-…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:28.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2013:0169",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=594521"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the \"Configure network to automatically accept connections\" setting is enabled, which might make it easier for remote attackers to perform further attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-03-12T22:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2013:0169",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=594521"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1165",
    "datePublished": "2013-03-12T22:00:00Z",
    "dateReserved": "2011-03-03T00:00:00Z",
    "dateUpdated": "2024-08-06T22:14:28.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0904 (GCVE-0-2011-0904)

Vulnerability from cvelistv5 – Published: 2011-05-10 18:00 – Updated: 2024-08-06 22:05

Summary

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://git.gnome.org/browse/vino/commit/?id=0c2c9…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-1128-1/	vendor-advisoryx_refsource_UBUNTU
	http://git.gnome.org/browse/vino/commit/?id=d050a…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://rhn.redhat.com/errata/RHSA-2013-0169.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/44410	third-party-advisoryx_refsource_SECUNIA
	http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/1144	vdb-entryx_refsource_VUPEN
	http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/47681	vdb-entryx_refsource_BID
	http://git.gnome.org/browse/vino/commit/?id=456da…	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/log/?h=gnome-2-30	x_refsource_CONFIRM
	http://www.debian.org/security/2011/dsa-2238	vendor-advisoryx_refsource_DEBIAN
	http://git.gnome.org/browse/vino/commit/?id=e17bd…	x_refsource_CONFIRM
	https://bugzilla.gnome.org/show_bug.cgi?id=641802	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/commit/?id=dff52…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=694455	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/commit/?id=8beef…	x_refsource_CONFIRM
	http://secunia.com/advisories/44463	third-party-advisoryx_refsource_SECUNIA
	http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/v…	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/tree/NEWS	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:05:54.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "vino-input-dos(67243)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
          },
          {
            "name": "USN-1128-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-1128-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
          },
          {
            "name": "SUSE-SR:2011:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "name": "MDVSA-2011:087",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
          },
          {
            "name": "RHSA-2013:0169",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
          },
          {
            "name": "44410",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44410"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
          },
          {
            "name": "ADV-2011-1144",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
          },
          {
            "name": "47681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47681"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
          },
          {
            "name": "DSA-2238",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2238"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
          },
          {
            "name": "44463",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44463"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/tree/NEWS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "vino-input-dos(67243)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
        },
        {
          "name": "USN-1128-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-1128-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
        },
        {
          "name": "SUSE-SR:2011:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
        },
        {
          "name": "MDVSA-2011:087",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
        },
        {
          "name": "RHSA-2013:0169",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
        },
        {
          "name": "44410",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44410"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
        },
        {
          "name": "ADV-2011-1144",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
        },
        {
          "name": "47681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47681"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
        },
        {
          "name": "DSA-2238",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2238"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
        },
        {
          "name": "44463",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44463"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/tree/NEWS"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0904",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "vino-input-dos(67243)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
            },
            {
              "name": "USN-1128-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-1128-1/"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
            },
            {
              "name": "SUSE-SR:2011:009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "MDVSA-2011:087",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
            },
            {
              "name": "RHSA-2013:0169",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "name": "44410",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44410"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
            },
            {
              "name": "ADV-2011-1144",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1144"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
            },
            {
              "name": "47681",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47681"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
            },
            {
              "name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
            },
            {
              "name": "DSA-2238",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2238"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
            },
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641802",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694455",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
            },
            {
              "name": "44463",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44463"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
            },
            {
              "name": "http://git.gnome.org/browse/vino/tree/NEWS",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/tree/NEWS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0904",
    "datePublished": "2011-05-10T18:00:00",
    "dateReserved": "2011-02-08T00:00:00",
    "dateUpdated": "2024-08-06T22:05:54.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0905 (GCVE-0-2011-0905)

Vulnerability from cvelistv5 – Published: 2011-05-10 18:00 – Updated: 2024-08-06 22:05

Summary

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://git.gnome.org/browse/vino/commit/?id=0c2c9…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-1128-1/	vendor-advisoryx_refsource_UBUNTU
	http://git.gnome.org/browse/vino/commit/?id=d050a…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://rhn.redhat.com/errata/RHSA-2013-0169.html	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.gnome.org/show_bug.cgi?id=641803	x_refsource_CONFIRM
	http://secunia.com/advisories/44410	third-party-advisoryx_refsource_SECUNIA
	http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/1144	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/47681	vdb-entryx_refsource_BID
	http://git.gnome.org/browse/vino/commit/?id=456da…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=694456	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/log/?h=gnome-2-30	x_refsource_CONFIRM
	http://www.debian.org/security/2011/dsa-2238	vendor-advisoryx_refsource_DEBIAN
	http://git.gnome.org/browse/vino/commit/?id=e17bd…	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/commit/?id=dff52…	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/commit/?id=8beef…	x_refsource_CONFIRM
	http://secunia.com/advisories/44463	third-party-advisoryx_refsource_SECUNIA
	http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/v…	x_refsource_CONFIRM
	http://git.gnome.org/browse/vino/tree/NEWS	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:05:54.452Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
          },
          {
            "name": "USN-1128-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-1128-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
          },
          {
            "name": "SUSE-SR:2011:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "name": "MDVSA-2011:087",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
          },
          {
            "name": "RHSA-2013:0169",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
          },
          {
            "name": "44410",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44410"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
          },
          {
            "name": "ADV-2011-1144",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1144"
          },
          {
            "name": "vino-framebuffer-dos(67244)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
          },
          {
            "name": "47681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47681"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
          },
          {
            "name": "DSA-2238",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2238"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
          },
          {
            "name": "44463",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44463"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/vino/tree/NEWS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
        },
        {
          "name": "USN-1128-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-1128-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
        },
        {
          "name": "SUSE-SR:2011:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
        },
        {
          "name": "MDVSA-2011:087",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
        },
        {
          "name": "RHSA-2013:0169",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
        },
        {
          "name": "44410",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44410"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
        },
        {
          "name": "ADV-2011-1144",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1144"
        },
        {
          "name": "vino-framebuffer-dos(67244)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
        },
        {
          "name": "47681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47681"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
        },
        {
          "name": "DSA-2238",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2238"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
        },
        {
          "name": "44463",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44463"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/vino/tree/NEWS"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0905",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
            },
            {
              "name": "USN-1128-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-1128-1/"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
            },
            {
              "name": "SUSE-SR:2011:009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "MDVSA-2011:087",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
            },
            {
              "name": "RHSA-2013:0169",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641803",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
            },
            {
              "name": "44410",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44410"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
            },
            {
              "name": "ADV-2011-1144",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1144"
            },
            {
              "name": "vino-framebuffer-dos(67244)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
            },
            {
              "name": "47681",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47681"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694456",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
            },
            {
              "name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
            },
            {
              "name": "DSA-2238",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2238"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
            },
            {
              "name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
            },
            {
              "name": "44463",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44463"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
            },
            {
              "name": "http://git.gnome.org/browse/vino/tree/NEWS",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/vino/tree/NEWS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0905",
    "datePublished": "2011-05-10T18:00:00",
    "dateReserved": "2011-02-08T00:00:00",
    "dateUpdated": "2024-08-06T22:05:54.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2013:0169

CVE-2011-1164 (GCVE-0-2011-1164)

CVE-2012-4429 (GCVE-0-2012-4429)

CVE-2011-1165 (GCVE-0-2011-1165)

CVE-2011-0904 (GCVE-0-2011-0904)

CVE-2011-0905 (GCVE-0-2011-0905)

Tags

Sightings

Nomenclature