Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.1.2.2017.1227 |
Categoría: | Huawei EulerOS Local Security Checks |
Título: | Huawei EulerOS: Security Advisory for tigervnc (EulerOS-SA-2017-1227) |
Resumen: | The remote host is missing an update for the Huawei EulerOS 'tigervnc' package(s) announced via the EulerOS-SA-2017-1227 advisory. |
Descripción: | Summary: The remote host is missing an update for the Huawei EulerOS 'tigervnc' package(s) announced via the EulerOS-SA-2017-1227 advisory. Vulnerability Insight: A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. (CVE-2016-10207) A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service. (CVE-2017-7393) A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service. (CVE-2017-7394) An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service. (CVE-2017-7395) A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. (CVE-2017-5581) A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7392) A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7396) Affected Software/OS: 'tigervnc' package(s) on Huawei EulerOS V2.0SP1. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-5581 BugTraq ID: 95789 http://www.securityfocus.com/bid/95789 https://security.gentoo.org/glsa/201702-19 http://www.openwall.com/lists/oss-security/2017/01/22/1 http://www.openwall.com/lists/oss-security/2017/01/25/6 RedHat Security Advisories: RHSA-2017:0630 http://rhn.redhat.com/errata/RHSA-2017-0630.html RedHat Security Advisories: RHSA-2017:2000 https://access.redhat.com/errata/RHSA-2017:2000 Common Vulnerability Exposure (CVE) ID: CVE-2017-7392 BugTraq ID: 97305 http://www.securityfocus.com/bid/97305 https://security.gentoo.org/glsa/201801-13 Common Vulnerability Exposure (CVE) ID: CVE-2017-7393 Common Vulnerability Exposure (CVE) ID: CVE-2017-7394 Common Vulnerability Exposure (CVE) ID: CVE-2017-7395 Common Vulnerability Exposure (CVE) ID: CVE-2017-7396 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |