=====================================================================

                           CERT-Renater

               Note d'Information No. 2014/VULN003
_____________________________________________________________________

DATE                : 03/01/2014

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running realvnc versions 5.0.6.

======================================================================
http://realvnc.com/products/vnc/documentation/5.0/release-notes/
______________________________________________________________________


5.0.7, released 19th December 2013

    UNIX/Linux
        FIXED: Local users can no longer execute arbitrary code as root
by passing a maliciously crafted argument to the VNC Server in User Mode
(vncserver-x11) or Virtual Mode (Xvnc) setuid-root helpers. Note this
issue only affected 5.0.6. See CVE-2013-6886.
    Mac OS X
        FIXED: Local users can no longer execute arbitrary code as root
by passing a maliciously crafted argument to the VNC Server in User Mode
(vncserver) setuid-root helper. Note this issue only affected 5.0.6. See
CVE-2013-6886.




=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================