Security vulnerability in GNOME desktop VNC client
The GNOME desktop's VNC client Vinagre contains a security vulnerability which can be exploited by attackers operating manipulated VNC servers to inject malicious code onto users' systems. The cause of the problem is a format string vulnerability in the vinagre_utils_show_error() function in src/vinagre-utils.c.
Using specific messages containing format string specifiers it is possible to write code to memory and, according to Core Security, in some cases execute this code with the user’s privileges. This is reported to be possible under Ubuntu version 8.04 (Hardy), whilst in Ubuntu version 8.10 (Ibex) Vinagre merely crashes. A successful attack requires the victim to connect to a malicious server.
The bug can be exploited both remotely and locally, for example via vinagre %n%n, and using crafted vnc files. All versions up to 2.24.1 are affected. The bug is fixed in version 2.24.2 (gzip file download link). Linux distributors are already releasing updated packages.
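The bug class described above, as an added example that is not Vinagre's code: a printf-style error helper is only safe when untrusted text is passed as data behind a constant format. The names show_error_fmt, show_error_vulnerable, show_error_safe and count_conversions are hypothetical, and the sample input is constructed from the string quoted above.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical stand-in for a printf-style error helper (not Vinagre's code).
 * The format attribute lets gcc/clang check callers with -Wformat-security. */
__attribute__((format(printf, 3, 4)))
int show_error_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

#ifdef SHOW_VULNERABLE
/* Bug class: peer-controlled text is used as the format string itself. */
int show_error_vulnerable(char *out, size_t n, const char *untrusted)
{
    return show_error_fmt(out, n, untrusted);
}
#endif

/* Fix: constant format, untrusted text passed only as data. */
int show_error_safe(char *out, size_t n, const char *untrusted)
{
    return show_error_fmt(out, n, "%s", untrusted);
}

/* Audit helper: count conversion specifiers ("%%" is a literal percent). */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    const char *msg = "%n%n";  /* constructed sample, the string quoted above */
    int len = show_error_safe(buf, sizeof buf, msg);
    printf("conversions=%d len=%d text=%s\n", count_conversions(msg), len, buf);
    return 0;
}
```

Building with -DSHOW_VULNERABLE -Wformat-security makes the compiler flag the call in show_error_vulnerable, which is how this pattern can be caught in a code audit or CI build.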
See also:
- Vinagre show_error() format string vulnerability, report from Core Security Technologies
(djwm)