TUCoPS :: Unix :: General
:: unix5233.htm
VNC client remote "double free()" overflow by linked zlib in java and other
3rd Apr 2002 [SBWID-5233]
COMMAND
VNC client remote \"double free()\" overflow by linked zlib in java and
other
SYSTEMS AFFECTED
The following VNC viewers ARE vulnerable and should be upgraded:
* TightVNC viewer prior to version 1.2.3
* TridiaVNC viewer prior to version 1.5.6 (Win32)
* TridiaVNC Pro viewer prior to version 1.2.00 (Win32)
* TridiaVNC Unix viewers upto and including version 1.4.00
* VNCThing prior to version 2.3 for Mac OS 8/9/X
* VNC Viewer and Server for Apple Newton
* VNC Viewer for Java - the JRE / browser is the problem
Unaffected versions:
No VNC server is affected by the gzip long filename issue.
* AT&T VNC - any past or current viewer on all platforms, including
Win32, Xvnc, and the beta WinCE
* TightVNC 1.2.3 or later
* ChromiVNC v3.4 alpha 5 for MacOS (68k and PPC platforms)
* VNCThing 2.3 or later
* TridiaVNC viewer 1.5.6 and later (Win32)
* TridiaVNC Pro viewer 1.2.00 and later (Win32)
* Geos (Nokia 9000) VNCGEO10
* OS/2: VNC Viewer for OS/2 PM 1.00
* PalmOS: PalmVNC 1.40
* RiscOS: !VNC (any version)
* VMS: AT&T VNC VNC333R1VMS011 package
PROBLEM
In VNC security bulletin,
[http://www.evilsecurity.com/vnc/vnc-zlib-advisory-02.htm] :
Exploit may happen if you have,
* A zlib-capable VNC server;
* A zlib-capable VNC viewer must successfully log on to the above
zlib-enabled VNC server;
* The server must send the faulty stream - requires a very specific
stream injection or a trojaned server; and
* The VNC viewer\'s operating system or libc implementation must have a
memory allocator that behaves in roughly the same fashion as GNU
libc\'s malloc()/free() in a double free situation
SOLUTION
* TightVNC 1.2.3 is available as of this posting. All users of
TightVNC are strongly encouraged to upgrade.
* VNCThing 2.3 should be available around the time of this posting.
All users of VNCThing should upgrade as soon as it is available.
* TridiaVNC 1.5.6 (Win32) should be available shortly. All users of
TridiaVNC should upgrade to 1.5.6 as soon as it is avialble.
* TridiaVNC Pro 1.2.00 (Win32) is now available. All users of
TridiaVNC Pro (Win32) should upgrade to 1.2.00