Vulnerability Details : CVE-2014-6054

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
Publish Date : 2014-10-06 Last Update Date : 2016-12-21

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	4.3
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of Service
CWE ID	189

- Related OVAL Definitions

Title	Definition Id	Family
DSA-3081-1 -- libvncserver security update	oval:org.mitre.oval:def:28422	unix
ELSA-2014-1826 -- libvncserver security update (moderate)	oval:org.mitre.oval:def:28316	unix
ELSA-2014-1827 -- kdenetwork security update (moderate)	oval:org.mitre.oval:def:28219	unix
RHSA-2014:1826 -- libvncserver security update (Moderate)	oval:org.mitre.oval:def:28208	unix
RHSA-2014:1826: libvncserver security update (Moderate)	oval:com.redhat.rhsa:def:20141826	unix
RHSA-2014:1827 -- kdenetwork security update (Moderate)	oval:org.mitre.oval:def:28039	unix
RHSA-2014:1827: kdenetwork security update (Moderate)	oval:com.redhat.rhsa:def:20141827	unix
USN-2365-1 -- libvncserver vulnerabilities	oval:org.mitre.oval:def:27178	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2014-6054

#	Product Type	Vendor	Product	Version	Edition
1	OS	Canonical	Ubuntu Linux	12.04	~~lts~~~	Version Details Vulnerabilities
2	OS	Canonical	Ubuntu Linux	14.04	~~lts~~~	Version Details Vulnerabilities
3	OS	Debian	Debian Linux	7.0		Version Details Vulnerabilities
4	Application	Libvncserver	Libvncserver	0.9.9		Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Canonical	Ubuntu Linux	2
Debian	Debian Linux	1
Libvncserver	Libvncserver	1

- References For CVE-2014-6054

http://www.openwall.com/lists/oss-security/2014/09/25/11
MLIST [oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues

https://security.gentoo.org/glsa/201507-07
GENTOO GLSA-201507-07

http://seclists.org/oss-sec/2014/q3/639
MLIST [oss-security] 20140923 Multiple issues in libVNCserver

http://www.ubuntu.com/usn/USN-2365-1
UBUNTU USN-2365-1

https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446 CONFIRM

http://www.securityfocus.com/bid/70094
BID 70094 LibVNCServer CVE-2014-6054 Denial of Service Vulnerability Release Date:2015-07-08

http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
SUSE openSUSE-SU-2015:2207

http://www.debian.org/security/2014/dsa-3081
DEBIAN DSA-3081

http://www.ocert.org/advisories/ocert-2014-007.html

- Metasploit Modules Related To CVE-2014-6054

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)