Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-5660

Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.

Published

2008-12-17T20:30:01.047

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-134

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnome	vinagre	0.5.0	Yes
Application	gnome	vinagre	0.5.1	Yes
Application	gnome	vinagre	2.23.1	Yes
Application	gnome	vinagre	2.23.2	Yes
Application	gnome	vinagre	2.23.3	Yes
Application	gnome	vinagre	2.23.3.1	Yes
Application	gnome	vinagre	2.23.4	Yes
Application	gnome	vinagre	2.23.90	Yes
Application	gnome	vinagre	2.23.91	Yes
Application	gnome	vinagre	2.23.92	Yes
Application	gnome	vinagre	2.24.0	Yes
Application	gnome	vinagre	2.24.1	Yes

References

http://secunia.com/advisories/33041 Vendor Advisory ([email protected])
http://secunia.com/advisories/33046 Vendor Advisory ([email protected])
http://secunia.com/advisories/33082 Vendor Advisory ([email protected])
http://www.coresecurity.com/content/vinagre-format-string Exploit ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:240 Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/499057/100/0/threaded ([email protected])
http://www.ubuntu.com/usn/usn-689-1 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/3362 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=475070 ([email protected])
https://www.exploit-db.com/exploits/7401 ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00473.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00485.html ([email protected])
http://secunia.com/advisories/33041 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33046 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33082 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.coresecurity.com/content/vinagre-format-string Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:240 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/499057/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-689-1 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/3362 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=475070 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/7401 (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00473.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00485.html (af854a3a-2127-422b-91ae-364da2661108)