FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vinagre -- format string vulnerability

Affected packages
vinagre < 0.5.2


VuXML ID 214e8e07-d369-11dd-b800-001b77d09812
Discovery 2008-12-09
Entry 2008-12-31
Modified 2010-05-02

CORE Security Technologies reports:

A format string error has been found on the vinagre_utils_show_error() function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name.

In a web based attack scenario, the user would be required to connect to a malicious server. Successful exploitation would then allow the attacker to execute arbitrary code with the privileges of the Vinagre user.


Bugtraq ID 32682
CVE Name CVE-2008-5660