|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-11-19 | |
| Rule Name: | TurboVNC Fence Message Stack-based Buffer Overflow Vulnerability -2 (CVE-2019-15683) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity. To exploit this vulnerability authorization on server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks includes arbitrary code execution and denial of service. | |
| Affected OS: | Windows, Others | |
| Reference: | https://github.com/TurboVNC/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://github.com/TurboVNC/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e |