Security vulnerability in GNOME desktop VNC client
The GNOME desktop's VNC client Vinagre contains a security vulnerability which can be exploited by attackers operating manipulated VNC servers to inject malicious code onto users' systems. The cause of the problem is a format string vulnerability in the vinagre_utils_show_error() function in
Using specific messages containing format string specifiers, it is possible to write code to memory and, according to Core Security, in some cases to execute this code with the user's privileges. This is reported to be possible under Ubuntu version 8.04 (Hardy), whilst in Ubuntu version 8.10 (Ibex) Vinagre merely crashes. A successful attack requires the victim to connect to a malicious server.
The bug can be exploited both remotely and locally, for example via vinagre %n%n, and using crafted vnc files. All versions up to 2.24.1 are affected. The bug is fixed in version 2.24.2. Linux distributors are already releasing updated packages.
- Vinagre show_error() format string vulnerability, report from Core Security Technologies