CVE-2013-5745

GNOME Vino < 3.7.3 - Denial of Service via Authentication Error Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5745. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary This exploit demonstrates a persistent denial of service (DoS) vulnerability in Vino VNC Server by sending malformed data during the authentication stage, causing the service to enter an infinite loop and become unresponsive.

Description

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Trustwave's SpiderLabs · textdoslinux

https://www.exploit-db.com/exploits/28338

View Code ZIP pw:eip

This exploit demonstrates a persistent denial of service (DoS) vulnerability in Vino VNC Server by sending malformed data during the authentication stage, causing the service to enter an infinite loop and become unresponsive.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Vino VNC Server 3.7.3 and earlier (including 3.8 stable with encryption disabled)

No auth needed

Prerequisites: Network access to the target VNC server (port 5900)

MITRE ATT&CK