Hi uvnc Team & users,
last month there was found some UltraVNC Server vulnerabilities by Kaspersky.,
The Kaspersky advisory is not always clear and consistent.
Example:
The CVE-2019-8277 describes CWE 655 as a cause. CWE 655 means Insufficient Psychological Acceptability.
or
The affected product is before 1.2.2.3 but the
Vendor mitigation is 1212. That’s a conflict.
Additionally the several ratings are strange. For example the scope change rating.
The UltraVNC Server CVEs are:
CVE-2019-8277, CVE-2019-8276, CVE-2019-8275, CVE-2019-8274, CVE-2019-8273, CVE-2019-8272, CVE-2019-8271:
A statement of the manufacturer would be very helpfully.
Best Regards
Chris
After more 1 000 000 (one million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is welcome
Celebrating the 22th anniversary of the UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is welcome
Celebrating the 22th anniversary of the UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
UltraVNC Vulnerabilities March 2019
-
Rudi De Vos
- Admin & Developer
- Posts: 6963
- Joined: 2004-04-23 10:21
- Contact:
Re: UltraVNC Vulnerabilities March 2019
For this update we worked together with them to fix possible issue's.
Some issue's were already fixed in previous version. All are fixed in 1.2.2.4
Once fixed they are made public available.
sample
CVE-2019-8277
the server send a buffer (x,y,w,h,z) to the viewer
We only use xywh en z is something for later use
The issue was that we don't set z to 0, it contain some uninitialized memory ( 4 bits in z)
Uninitialized means that it contain some part of the memory that's isn't longer used, but it contain some data
and that data is exposed. It's a low risk, like you can see a few letters of a unknown book in a library.
Most fixes are for the viewer.
You can connect to a fake server, the server tell he has a 800x600 screen, but is actual sending data for 1920x1200
This will crash the viewer but you have a risk that some memory got overwritten.
We do not longer thrust the data send by the server and do some extra bounding checks.
I hope this clarify it a little.
Some issue's were already fixed in previous version. All are fixed in 1.2.2.4
Once fixed they are made public available.
sample
CVE-2019-8277
the server send a buffer (x,y,w,h,z) to the viewer
We only use xywh en z is something for later use
The issue was that we don't set z to 0, it contain some uninitialized memory ( 4 bits in z)
Uninitialized means that it contain some part of the memory that's isn't longer used, but it contain some data
and that data is exposed. It's a low risk, like you can see a few letters of a unknown book in a library.
Most fixes are for the viewer.
You can connect to a fake server, the server tell he has a 800x600 screen, but is actual sending data for 1920x1200
This will crash the viewer but you have a risk that some memory got overwritten.
We do not longer thrust the data send by the server and do some extra bounding checks.
I hope this clarify it a little.
UltraVNC links (join us on social networks):
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
Re: UltraVNC Vulnerabilities March 2019
Thank you very much.