Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-5745

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

Published

2013-10-01T17:55:03.727

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

6.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	david_king	vino	≤ 3.7.3	Yes
Application	david_king	vino	0.12	Yes
Application	david_king	vino	0.14	Yes
Application	david_king	vino	2.7	Yes
Application	david_king	vino	2.7.3	Yes
Application	david_king	vino	2.7.3.1	Yes
Application	david_king	vino	2.7.4	Yes
Application	david_king	vino	2.7.4.90	Yes
Application	david_king	vino	2.7.4.91	Yes
Application	david_king	vino	2.7.90	Yes
Application	david_king	vino	2.7.91	Yes
Application	david_king	vino	2.7.92	Yes
Application	david_king	vino	2.8	Yes
Application	david_king	vino	2.8.0	Yes
Application	david_king	vino	2.8.0.1	Yes
Application	david_king	vino	2.8.1	Yes
Application	david_king	vino	2.9	Yes
Application	david_king	vino	2.9.2	Yes
Application	david_king	vino	2.10	Yes
Application	david_king	vino	2.11	Yes
Application	david_king	vino	2.11.1	Yes
Application	david_king	vino	2.11.1.1	Yes
Application	david_king	vino	2.11.1.2	Yes
Application	david_king	vino	2.11.90	Yes
Application	david_king	vino	2.11.92	Yes
Application	david_king	vino	2.12	Yes
Application	david_king	vino	2.13	Yes
Application	david_king	vino	2.13.5	Yes
Application	david_king	vino	2.14	Yes
Application	david_king	vino	2.15	Yes
Application	david_king	vino	2.16	Yes
Application	david_king	vino	2.17	Yes
Application	david_king	vino	2.17.2	Yes
Application	david_king	vino	2.17.4	Yes
Application	david_king	vino	2.17.5	Yes
Application	david_king	vino	2.17.92	Yes
Application	david_king	vino	2.18	Yes
Application	david_king	vino	2.18.1	Yes
Application	david_king	vino	2.19	Yes
Application	david_king	vino	2.19.5	Yes
Application	david_king	vino	2.19.90	Yes
Application	david_king	vino	2.19.92	Yes
Application	david_king	vino	2.20	Yes
Application	david_king	vino	2.20.1	Yes
Application	david_king	vino	2.21	Yes
Application	david_king	vino	2.21.1	Yes
Application	david_king	vino	2.21.2	Yes
Application	david_king	vino	2.21.3	Yes
Application	david_king	vino	2.21.90	Yes
Application	david_king	vino	2.21.91	Yes
Application	david_king	vino	2.21.92	Yes
Application	david_king	vino	2.22	Yes
Application	david_king	vino	2.22.1	Yes
Application	david_king	vino	2.22.2	Yes
Application	david_king	vino	2.23	Yes
Application	david_king	vino	2.23.5	Yes
Application	david_king	vino	2.23.90	Yes
Application	david_king	vino	2.23.91	Yes
Application	david_king	vino	2.23.92	Yes
Application	david_king	vino	2.24	Yes
Application	david_king	vino	2.24.1	Yes
Application	david_king	vino	2.25	Yes
Application	david_king	vino	2.25.3	Yes
Application	david_king	vino	2.25.4	Yes
Application	david_king	vino	2.25.5	Yes
Application	david_king	vino	2.25.90	Yes
Application	david_king	vino	2.25.91	Yes
Application	david_king	vino	2.25.92	Yes
Application	david_king	vino	2.26	Yes
Application	david_king	vino	2.26.1	Yes
Application	david_king	vino	2.26.2	Yes
Application	david_king	vino	2.27	Yes
Application	david_king	vino	2.27.5	Yes
Application	david_king	vino	2.27.90	Yes
Application	david_king	vino	2.27.91	Yes
Application	david_king	vino	2.27.92	Yes
Application	david_king	vino	2.28	Yes
Application	david_king	vino	2.28.1	Yes
Application	david_king	vino	2.28.2	Yes
Application	david_king	vino	2.28.3	Yes
Application	david_king	vino	2.31.4	Yes
Application	david_king	vino	2.31.91	Yes
Application	david_king	vino	2.32.0	Yes
Application	david_king	vino	2.32.1	Yes
Application	david_king	vino	2.32.2	Yes
Application	david_king	vino	2.99.0	Yes
Application	david_king	vino	2.99.1	Yes
Application	david_king	vino	2.99.2	Yes
Application	david_king	vino	2.99.3	Yes
Application	david_king	vino	2.99.4	Yes
Application	david_king	vino	2.99.5	Yes
Application	david_king	vino	3.0.0	Yes
Application	david_king	vino	3.0.1	Yes
Application	david_king	vino	3.0.2	Yes
Application	david_king	vino	3.0.3	Yes
Application	david_king	vino	3.1	Yes
Application	david_king	vino	3.1.1	Yes
Application	david_king	vino	3.1.2	Yes
Application	david_king	vino	3.1.3	Yes
Application	david_king	vino	3.1.4	Yes
Application	david_king	vino	3.1.5	Yes
Application	david_king	vino	3.1.90	Yes
Application	david_king	vino	3.1.91	Yes
Application	david_king	vino	3.1.92	Yes
Application	david_king	vino	3.2.0	Yes
Application	david_king	vino	3.2.1	Yes
Application	david_king	vino	3.2.2	Yes
Application	david_king	vino	3.3.1	Yes
Application	david_king	vino	3.3.3	Yes
Application	david_king	vino	3.3.92	Yes
Application	david_king	vino	3.4.0	Yes
Application	david_king	vino	3.4.1	Yes
Application	david_king	vino	3.4.2	Yes
Application	david_king	vino	3.5.2	Yes
Application	david_king	vino	3.5.90	Yes
Application	david_king	vino	3.5.92	Yes
Application	david_king	vino	3.6.0	Yes
Application	david_king	vino	3.6.1	Yes
Application	david_king	vino	3.6.2	Yes
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	12.10	Yes
Operating System	canonical	ubuntu_linux	13.04	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-1452.html ([email protected])
http://secunia.com/advisories/55090 Vendor Advisory ([email protected])
http://www.ubuntu.com/usn/USN-1980-1 Vendor Advisory ([email protected])
https://bugzilla.gnome.org/show_bug.cgi?id=641811 Vendor Advisory ([email protected])
https://bugzilla.gnome.org/show_bug.cgi?id=707905 Vendor Advisory ([email protected])
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-1452.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/55090 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1980-1 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.gnome.org/show_bug.cgi?id=641811 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.gnome.org/show_bug.cgi?id=707905 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt (af854a3a-2127-422b-91ae-364da2661108)