Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:21226

Version

Class

patch

ALTXid

37293

Language

English

Severity

NotAvailable

Title

RHSA-2013:1452: vino security update (Moderate)

Description

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

Family

unix

Platform

Product

vino

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2014-01-09T13:03:25 : submitted
  - ALTX-SOFT Sergey Artykhov
- 2014-01-10T12:56:34.240-05:00 : status_change DRAFT
- 2014-01-27T04:01:20.531-05:00 : status_change INTERIM
- 2014-02-17T04:01:34.929-05:00 : status_change ACCEPTED

Reference

VENDOR: RHSA-2013:1452-00

CESA: CESA-2013:1452
CESA: CESA-2013:1452

Id: CESA-2013:1452

CVE: CVE-2013-5745

Criteria

Expand All

Collapse All

AND

Operation system section

CRITERION vino is earlier than 0:2.28.1-9.el6_4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91451) check=at least one, check_existence=at_least_one_exists, comment=vino is earlier than 0:2.28.1-9.el6_4, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:28909)
    name vino
  - rpminfo_state (ID = oval:org.mitre.oval:ste:26116)
    evr datatype=evr_string | operation=less than | value=0:2.28.1-9.el6_4

OR	Redhat 6 or Centos 6 release

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:20273) The operating system installed on the system is Red Hat Enterprise Linux 6

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16337) The operating system installed on the system is CentOS Linux 6.x

AND

Operation system section

OR	Redhat 5 or Centos 5 release

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11414) The operating system installed on the system is Red Hat Enterprise Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15802) The operating system installed on the system is CentOS Linux 5.x

CRITERION vino is earlier than 0:2.13.5-10.el5_10
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91446) check=at least one, check_existence=at_least_one_exists, comment=vino is earlier than 0:2.13.5-10.el5_10, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:28909)
    name vino
  - rpminfo_state (ID = oval:org.mitre.oval:ste:25888)
    evr datatype=evr_string | operation=less than | value=0:2.13.5-10.el5_10


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	COMPLETE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	COMPLETE