CVE-2009-0388
First published: Wed Feb 04 2009(Updated: )
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TightVNC | =1.3.9 | |
| UltraVNC | =1.0.2 | |
| UltraVNC | =1.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564
- http://www.securityfocus.com/bid/33568
- http://www.coresecurity.com/content/vnc-integer-overflows
- http://secunia.com/advisories/33807
- http://forum.ultravnc.info/viewtopic.php?t=14654
- http://www.vupen.com/english/advisories/2009/0321
- http://www.vupen.com/english/advisories/2009/0322
- https://www.exploit-db.com/exploits/8024
- https://www.exploit-db.com/exploits/7990
- http://www.securityfocus.com/archive/1/500632/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2009-0388?
CVE-2009-0388 is classified as a medium severity vulnerability due to its potential for denial of service and arbitrary code execution.
How do I fix CVE-2009-0388?
To fix CVE-2009-0388, upgrade to the latest versions of UltraVNC and TightVNC that address these integer signedness errors.
What software is affected by CVE-2009-0388?
The affected software includes UltraVNC versions 1.0.2 and 1.0.5, as well as TightVNC version 1.3.9.
What are the risks associated with CVE-2009-0388?
The risks associated with CVE-2009-0388 include potential application crashes and the execution of arbitrary code on remote servers.
Can CVE-2009-0388 be exploited remotely?
Yes, CVE-2009-0388 can be exploited remotely by sending crafted messages with large length values to the affected VNC servers.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/event
- vendor/tightvnc
- canonical/tightvnc
- version/tightvnc/1.3.9
- vendor/ultravnc
- canonical/ultravnc
- version/ultravnc/1.0.2
- version/ultravnc/1.0.5