Intrusion Prevention

VNC.Client.Authenticate.Buffer.Overflow

Description

Indicates a possible attempt to exploit a buffer overflow vulnerability in AT&T's VNC client. The VNC Client (Virtual Network Computing) is a remote administration package that enables access to a remote system desktop. The client contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code on the system. This is due to a boundary check error in the client application while handling rfbConnFailed packets from the server. To exploit this an attacker can spoof the session between server and client to discover the server version, and then send a malformed rfbConnFailed packet with 'reason' string 1024 bytes long and 'reason' length more than 1024 bytes to the vulnerable client system. This may cause buffer overflow on the client system, making it possible to execute arbitrary code.

Affected Products

AT&T WinVNC Client 3.3.3 r7

Impact

Compromise of the affected system.

Recommended Actions

A patch is available for this vulnerability.
Core SDI VNC-clientBO.patch
ftp://ftp.core-sdi.com/pub/patches/VNC-clientBO.patch