CVE-2019-8259

Beschreibung:
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.

CWE: CWE-401 CWE-787

CVSS-Bewertung
CVSS 2: MEDIUM – 5 (Version: 2.0)
CVSS 3: HIGH – 7.5 (Version: 3.1)

Links:

NVD – CVE-2019-8259
CVE – CVE-2019-8259

Link (max. 20) Quelle Tags
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/ MISC Third Party Advisory Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf CONFIRM Third Party Advisory Third Party Advisory Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-161-06 MISC Third Party Advisory US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf CONFIRM Third Party Advisory US Government Resource VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf CONFIRM Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf CONFIRM Patch Third Party Advisory
DSA-4456 DEBIAN Mailing List Third Party Advisory
20190605 [SECURITY] [DSA 4456-1] exim4 security update BUGTRAQ Mailing List Third Party Advisory
GLSA-201906-01 GENTOO
[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit MLIST
108679 BID
openSUSE-SU-2019:1524 SUSE
http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html MISC
20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149) FULLDISC
http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html MISC
[oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2 MLIST
[oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2 MLIST
[oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2 MLIST
http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html MISC
[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim MLIST

Quelle: NVD – CVE-2019-8259
Datum Veröffentlichung: 2019-03-05T15:29Z, Datum letzte Änderung: 2021-05-11T13:15Z