VNC: Reason Too Long

This protocol anomaly detects a VNC reason string whose length exceeds the user-defined maximum. A reason string contains the text that describes why a connection between a VNC server and client failed. The default reason string maximum is 512; you can change this setting in Sensor Settings Rulebase > Protocol Thresholds and Configuration > VNC > Reason string length.

Extended Description

Multiple VNC clients are prone to integer-overflow vulnerabilities because they fail to properly validate data supplied by the VNC server. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. The following are vulnerable to these issues: UltraVNC prior to 1.0.5.4 and TightVNC prior to 1.3.10. Other VNC applications may also be affected.
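The following is an added example, not the signature's own logic or code from this page: a Python check of the reason-length field in an RFB 3.7/3.8 security-handshake failure message against the 512 default mentioned above. The function and sample names are hypothetical, the message layout follows the RFB protocol specification, and treating the threshold as a byte count is an assumption.

```python
import struct

DEFAULT_MAX_REASON = 512  # default threshold stated on this page (assumed to be bytes)


def inspect_failure(msg: bytes, max_reason: int = DEFAULT_MAX_REASON):
    """Classify a server-to-client RFB 3.7/3.8 security-handshake message.

    Failure layout: U8 number-of-security-types == 0, then a big-endian
    U32 reason-length, then the reason-string. Returns (verdict, detail).
    """
    if len(msg) < 1:
        return ("incomplete", None)
    if msg[0] != 0:
        return ("not-failure", None)   # ordinary list of security types
    if len(msg) < 5:
        return ("incomplete", None)    # length field not fully received
    (declared,) = struct.unpack_from(">I", msg, 1)
    # Decide on the declared length alone, before buffering or allocating
    # anything sized by a server-supplied value.
    if declared > max_reason:
        return ("reason-too-long", declared)
    body = msg[5:5 + declared]
    if len(body) < declared:
        return ("incomplete", declared)
    return ("ok", body.decode("latin-1"))


# Constructed sample messages (not captured traffic).
_REASON = b"Too many authentication failures"
BENIGN = b"\x00" + struct.pack(">I", len(_REASON)) + _REASON
AT_LIMIT = b"\x00" + struct.pack(">I", 512) + b"A" * 512
OVER_LIMIT = b"\x00" + struct.pack(">I", 513)          # header only
HUGE = b"\x00" + struct.pack(">I", 0xFFFFFFFF)         # header only

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN), ("at limit", AT_LIMIT),
                         ("over limit", OVER_LIMIT), ("huge", HUGE)]:
        verdict, detail = inspect_failure(sample)
        shown = detail if verdict != "ok" else len(detail)
        print(f"{name:10s} -> {verdict} ({shown})")
```

The verdict is reached from the five header bytes alone, so an oversized declaration is rejected without waiting for, or reserving memory for, the string that follows.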

Affected Products

Nortel_networks self-service_media_processing_server, Tightvnc tightvnc

Short Name
VNC:OVERFLOW:RSN-TOO-LONG
Severity
Major
Recommended
False
Recommended Action
Drop
Category
VNC
Keywords
CVE-2009-0388 bid:33568
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Nortel_networks

Tightvnc

Ultravnc

CVSS Score

10.0
