CVE-2014-6055: Buffer Overflow
First published: Fri Sep 19 2014(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fedoraproject Fedora | =20 | |
| Fedoraproject Fedora | =21 | |
| Debian Debian Linux | =7.0 | |
| Redhat Enterprise Linux Server Aus | =6.5 | |
| Redhat Enterprise Linux Server Eus | =6.5.z | |
| Libvncserver Libvncserver | <=0.9.9 | |
| debian/libvncserver | 0.9.13+dfsg-2+deb11u1 0.9.14+dfsg-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
- http://rhn.redhat.com/errata/RHSA-2015-0113.html
- http://seclists.org/oss-sec/2014/q3/639
- http://secunia.com/advisories/61506
- http://www.debian.org/security/2014/dsa-3081
- http://www.ocert.org/advisories/ocert-2014-007.html
- http://www.openwall.com/lists/oss-security/2014/09/25/11
- http://www.securityfocus.com/bid/70096
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96187
- https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
- https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
- https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
- https://security.gentoo.org/glsa/201507-07
- https://usn.ubuntu.com/4587-1/
- https://www.kde.org/info/security/advisory-20140923-1.txt
- https://launchpad.net/bugs/cve/CVE-2014-6055
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1144293#c0
- https://github.com/newsoft/libvncserver/commit/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1145878
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1145879
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1145880
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1145883
- http://www.kde.org/info/security/advisory-20140923-1.txt
- http://koji.fedoraproject.org/koji/buildinfo?buildID=580492
- http://quickgit.kde.org/?p=krfb.git&a=commitdiff&h=2e211579455fd832fb21322482c005b6a85aa1bf&hp=857c2b411ed806ef806116407612a2d2a40fab9c
- https://rhn.redhat.com/errata/RHSA-2014-1826.html
- https://rhn.redhat.com/errata/RHSA-2014-1827.html
- https://rhn.redhat.com/errata/RHSA-2015-0113.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1144293
- https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748
- https://bugzilla.redhat.com/show_bug.cgi?id=1144293#c2
- https://security-tracker.debian.org/tracker/CVE-2014-6055
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055
- https://nvd.nist.gov/vuln/detail/CVE-2014-6055
- https://ubuntu.com/security/CVE-2014-6055
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2014-6055.
What is the severity level of CVE-2014-6055?
The severity level of CVE-2014-6055 is medium, with a severity value of 6.5.
Which software versions are affected by CVE-2014-6055?
CVE-2014-6055 affects LibVNCServer 0.9.9 and earlier, Fedora 20 and 21, Debian Linux 7.0, Red Hat Enterprise Linux Server Aus 6.5, Red Hat Enterprise Linux Server Eus 6.5.z, and Ubuntu packages krfb and libvncserver.
How can a remote authenticated user exploit CVE-2014-6055?
A remote authenticated user can exploit CVE-2014-6055 by causing a denial of service (crash) and possibly executing arbitrary code via a long file or directory name or the FileTime attribute in a rfbserver.c file.
Where can I find more information about CVE-2014-6055?
You can find more information about CVE-2014-6055 at the following references: [link1](http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html), [link2](http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html), [link3](http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html).
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-6055
- agent/author
- agent/first-publish-date
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/description
- agent/weakness
- agent/remedy
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/20
- version/fedoraproject fedora/21
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- vendor/redhat
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/6.5
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/6.5.z
- vendor/libvncserver
- canonical/libvncserver libvncserver
- version/libvncserver libvncserver/0.9.9
- package-manager/debian