Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-5745

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

Related bugs and status

CVE-2013-5745 (Candidate) is related to these bugs:

Bug #1271358: Update to 3.18 (remove controls needed for Unity and other desktops)

Summary				In	Importance	Status
	1271358	Update to 3.18 (remove controls needed for Unity and other desktops)		vino (Ubuntu)	Wishlist	Fix Released
	1271358	Update to 3.18 (remove controls needed for Unity and other desktops)		unity-control-center (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://www.trustwave....
CONFIRM: https://bugzilla.gnome...
CONFIRM: https://bugzilla.gnome...
UBUNTU: USN-1980-1
SECUNIA: 55090
REDHAT: RHSA-2013:1452
SUSE: SUSE-SU-2013:1631