Details of VAR-201812-1202

ID

VAR-201812-1202

CVE

CVE-2018-20019

TITLE

LibVNC Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2018-013230

DESCRIPTION

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution. LibVNC Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibVNCServer is prone to an multiple heap-based buffer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition. Versions prior to LibVNCServer 0.9.12 are vulnerable. For the stable distribution (stretch), these problems have been fixed in version 0.9.11+dfsg-1.3~deb9u1. We recommend that you upgrade your libvncserver packages. For the detailed security status of libvncserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libvncserver Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlxXVEVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QnFA/+OdqSdVFFyBtT3WnOMUez7pBsk3wx0rzbCZ5uBJHYzr0ogMgDInL4GwdW RrTvSQtpKiUjmN4tfocXxKiWq6/KVZ5wgfYCeIjzzSr8qQHqYnV9NH2A8bUpVFAp M04zpV/zqPd2vlUPkppigHCyemV7sRuaXikGyUYm4Y6zBEhSg2vfyqfFmoggKoq8 aD6cWtKgCW3aSALA52JlVn5cPz17xvrk1zfStgtLPjHZTMHW19fDXq1hubxfR3q1 66LEfcs+13BFZW+09/eYSsC5vM96s4AfshErjtwpMxtVnc9MEIRNfRM9kfteaRvi s60EmM7xFvbx9acIQgKnLNNyjExzjySmgO0Bq7GNBu0gK1wNVpnOHI9EtBLfjOE7 YrYOxvwyTI5jFS0Txl846/dXwxy6gcX/bTlO6mqQFUicJcr7DU4GflHrt/t15VcK e7DBeWlhzV7yBoxC5yjS37dug0Ab9A9+TpCRxD5jwMWHZ3g+/8oXybCEqpuFwrqb kS1L4op0CHvouGbRldEtFookQud5deuqbEGxScGvOr8buENpnQmc6fzDh3jMH2wZ BNUHPzIYJHKqMXCK41jUB40/0v5iz5z5gHvRYfo8+ZOoLIFCp7zER3RDxwR8fGiK tqycmFiHaax09jHvqffRbwARfVrrrNbh4u/F7n3WWpbIsCjPOC4mI2 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201908-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: LibVNCServer: Multiple vulnerabilities Date: August 09, 2019 Bugs: #659560, #673508 ID: 201908-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in LibVNCServer, the worst of which could result in the arbitrary execution of code. Background ========== LibVNCServer/LibVNCClient are cross-platform C libraries that allow you to easily implement VNC server or client functionality in your program. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/libvncserver < 0.9.12 >= 0.9.12 Description =========== Multiple vulnerabilities have been discovered in LibVNCServer. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All LibVNCServer users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.9.12" References ========== [ 1 ] CVE-2018-20019 https://nvd.nist.gov/vuln/detail/CVE-2018-20019 [ 2 ] CVE-2018-20020 https://nvd.nist.gov/vuln/detail/CVE-2018-20020 [ 3 ] CVE-2018-20021 https://nvd.nist.gov/vuln/detail/CVE-2018-20021 [ 4 ] CVE-2018-20022 https://nvd.nist.gov/vuln/detail/CVE-2018-20022 [ 5 ] CVE-2018-20023 https://nvd.nist.gov/vuln/detail/CVE-2018-20023 [ 6 ] CVE-2018-20024 https://nvd.nist.gov/vuln/detail/CVE-2018-20024 [ 7 ] CVE-2018-7225 https://nvd.nist.gov/vuln/detail/CVE-2018-7225 [ 8 ] CVE-2018-7226 https://nvd.nist.gov/vuln/detail/CVE-2018-7226 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201908-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4587-1 October 20, 2020 italc vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in iTALC. Software Description: - italc: didact tool which allows teachers to view and control computer labs Details: Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. (CVE-2016-9941, CVE-2016-9942) It was discovered that iTALC had an out-of-bounds write, multiple heap out-of-bounds writes, an infinite loop, improper initializations, and null pointer vulnerabilities. (CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: italc-client 1:2.0.2+dfsg1-4ubuntu0.1 italc-master 1:2.0.2+dfsg1-4ubuntu0.1 libitalccore 1:2.0.2+dfsg1-4ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4587-1 CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055, CVE-2016-9941, CVE-2016-9942, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681 Package Information: https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1

Trust: 2.16

sources: NVD: CVE-2018-20019 // JVNDB: JVNDB-2018-013230 // BID: 106821 // PACKETSTORM: 151513 // PACKETSTORM: 153999 // PACKETSTORM: 159669

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.6
vendor:	siemens	model:	simatic itc2200	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	libvnc	model:	libvncserver	scope:	lt	version:	0.9.12	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	libvnc	model:	libvncserver	scope:	lt	version:	commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f	Trust: 0.8
vendor:	ubuntu	model:	linux	scope:	eq	version:	18.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	18.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	16.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.11	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.10	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.9	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	ne	version:	0.9.12	Trust: 0.3

sources: BID: 106821 // JVNDB: JVNDB-2018-013230 // CNNVD: CNNVD-201812-841 // NVD: CVE-2018-20019

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20019
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20019
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201812-841
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2018-20019
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-20019
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-20019
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2018-013230 // CNNVD: CNNVD-201812-841 // NVD: CVE-2018-20019

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2018-013230 // NVD: CVE-2018-20019

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 159669 // CNNVD: CNNVD-201812-841

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201812-841

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013230

PATCH

title:	[SECURITY] [DLA 1617-1] libvncserver security update	url:	https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html	Trust: 0.8
title:	DSA-4383	url:	https://www.debian.org/security/2019/dsa-4383	Trust: 0.8
title:	Top Page	url:	https://libvnc.github.io/index.html	Trust: 0.8
title:	LibVNC Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88028	Trust: 0.6

sources: JVNDB: JVNDB-2018-013230 // CNNVD: CNNVD-201812-841

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20019	Trust: 3.0
db:	SIEMENS	id:	SSA-390195	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-013230	Trust: 0.8
db:	PACKETSTORM	id:	153999	Trust: 0.7
db:	PACKETSTORM	id:	159669	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3329	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3625	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3329.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4032	Trust: 0.6
db:	CS-HELP	id:	SB2021121649	Trust: 0.6
db:	CNNVD	id:	CNNVD-201812-841	Trust: 0.6
db:	BID	id:	106821	Trust: 0.3
db:	PACKETSTORM	id:	151513	Trust: 0.1

sources: BID: 106821 // JVNDB: JVNDB-2018-013230 // PACKETSTORM: 151513 // PACKETSTORM: 153999 // PACKETSTORM: 159669 // CNNVD: CNNVD-201812-841 // NVD: CVE-2018-20019

REFERENCES

url:	https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/	Trust: 2.7
url:	https://usn.ubuntu.com/3877-1/	Trust: 1.9
url:	https://security.gentoo.org/glsa/201908-05	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Trust: 1.6
url:	https://usn.ubuntu.com/4587-1/	Trust: 1.6
url:	https://www.debian.org/security/2019/dsa-4383	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Trust: 1.6
url:	https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html	Trust: 1.6
url:	https://usn.ubuntu.com/4547-1/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20019	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20019	Trust: 0.8
url:	https://security-tracker.debian.org/tracker/dla-1979-1	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3329/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3625/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159669/ubuntu-security-notice-usn-4587-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/153999/gentoo-linux-security-advisory-201908-05.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121649	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4032/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3329.2/	Trust: 0.6
url:	https://github.com/libvnc/libvncserver/commit/a83439b9fbe0f03c48eb94ed05729cb016f8b72f	Trust: 0.3
url:	https://github.com/libvnc/libvncserver	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1661114	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-20019	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20023	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20020	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20024	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20022	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20021	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6307	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15127	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15126	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/libvncserver	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7226	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7225	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15681	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20750	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20748	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6051	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6055	Trust: 0.1
url:	https://usn.ubuntu.com/4587-1	Trust: 0.1

sources: BID: 106821 // JVNDB: JVNDB-2018-013230 // PACKETSTORM: 151513 // PACKETSTORM: 153999 // PACKETSTORM: 159669 // CNNVD: CNNVD-201812-841 // NVD: CVE-2018-20019

CREDITS

Ubuntu,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201812-841

SOURCES

db:	BID	id:	106821
db:	JVNDB	id:	JVNDB-2018-013230
db:	PACKETSTORM	id:	151513
db:	PACKETSTORM	id:	153999
db:	PACKETSTORM	id:	159669
db:	CNNVD	id:	CNNVD-201812-841
db:	NVD	id:	CVE-2018-20019

LAST UPDATE DATE

2024-11-23T20:47:21.520000+00:00

SOURCES UPDATE DATE

db:	BID	id:	106821	date:	2018-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2018-013230	date:	2019-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201812-841	date:	2021-12-17T00:00:00
db:	NVD	id:	CVE-2018-20019	date:	2024-11-21T04:00:46.013

SOURCES RELEASE DATE

db:	BID	id:	106821	date:	2018-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2018-013230	date:	2019-02-18T00:00:00
db:	PACKETSTORM	id:	151513	date:	2019-02-05T02:10:33
db:	PACKETSTORM	id:	153999	date:	2019-08-09T22:08:54
db:	PACKETSTORM	id:	159669	date:	2020-10-21T21:38:07
db:	CNNVD	id:	CNNVD-201812-841	date:	2018-12-20T00:00:00
db:	NVD	id:	CVE-2018-20019	date:	2018-12-19T16:29:00.343