Details of VAR-201901-1642

ID

VAR-201901-1642

CVE

CVE-2018-20750

TITLE

LibVNC Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2018-014090

DESCRIPTION

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to LibVNCServer 0.9.12 are vulnerable. Note: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability). ========================================================================= Ubuntu Security Notice USN-4587-1 October 20, 2020 italc vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in iTALC. Software Description: - italc: didact tool which allows teachers to view and control computer labs Details: Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. (CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: italc-client 1:2.0.2+dfsg1-4ubuntu0.1 italc-master 1:2.0.2+dfsg1-4ubuntu0.1 libitalccore 1:2.0.2+dfsg1-4ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4587-1 CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055, CVE-2016-9941, CVE-2016-9942, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681 Package Information: https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1

Trust: 1.98

sources: NVD: CVE-2018-20750 // JVNDB: JVNDB-2018-014090 // BID: 106825 // PACKETSTORM: 159669

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic itc2200	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	libvnc	model:	libvncserver	scope:	lt	version:	0.9.12	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	libvnc	model:	libvncserver	scope:	lte	version:	0.9.12	Trust: 0.8
vendor:	ubuntu	model:	linux	scope:	eq	version:	18.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	18.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	16.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server update services for sap solutions	scope:	eq	version:	-7.6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server extended update support	scope:	eq	version:	-7.6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power little endian extended update supp	scope:	eq	version:	-7.6	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power little endian	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power	scope:	eq	version:	97	Trust: 0.3
vendor:	redhat	model:	enterprise linux for arm	scope:	eq	version:	647	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.11	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.10	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.9	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	ne	version:	0.9.12	Trust: 0.3

sources: BID: 106825 // JVNDB: JVNDB-2018-014090 // NVD: CVE-2018-20750

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20750
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20750
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201901-1018
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2018-20750
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-20750
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-20750
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2018-014090 // CNNVD: CNNVD-201901-1018 // NVD: CVE-2018-20750

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2018-014090 // NVD: CVE-2018-20750

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 159669 // CNNVD: CNNVD-201901-1018

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-1018

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014090

PATCH

title:	[SECURITY] [DLA 1652-1] libvncserver security update	url:	https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html	Trust: 0.8
title:	Limit lenght to INT_MAX bytes in rfbProcessFileTransferReadBuffer()	url:	https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec	Trust: 0.8
title:	USN-3877-1	url:	https://usn.ubuntu.com/3877-1/	Trust: 0.8
title:	LibVNC Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89048	Trust: 0.6

sources: JVNDB: JVNDB-2018-014090 // CNNVD: CNNVD-201901-1018

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20750	Trust: 2.8
db:	OPENWALL	id:	OSS-SECURITY/2018/12/10/8	Trust: 2.7
db:	BID	id:	106825	Trust: 1.9
db:	SIEMENS	id:	SSA-390195	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014090	Trust: 0.8
db:	PACKETSTORM	id:	159669	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3625	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3329.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4032	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3329	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0460	Trust: 0.6
db:	CS-HELP	id:	SB2021121649	Trust: 0.6
db:	CNNVD	id:	CNNVD-201901-1018	Trust: 0.6

sources: BID: 106825 // JVNDB: JVNDB-2018-014090 // PACKETSTORM: 159669 // CNNVD: CNNVD-201901-1018 // NVD: CVE-2018-20750

REFERENCES

url:	http://www.securityfocus.com/bid/106825	Trust: 2.8
url:	https://www.openwall.com/lists/oss-security/2018/12/10/8	Trust: 2.7
url:	https://github.com/libvnc/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec	Trust: 1.9
url:	https://usn.ubuntu.com/3877-1/	Trust: 1.9
url:	https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html	Trust: 1.9
url:	https://github.com/libvnc/libvncserver/issues/273	Trust: 1.9
url:	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Trust: 1.6
url:	https://usn.ubuntu.com/4587-1/	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Trust: 1.6
url:	https://usn.ubuntu.com/4547-1/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20750	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20750	Trust: 0.8
url:	https://security-tracker.debian.org/tracker/dla-1979-1	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3329/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3625/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159669/ubuntu-security-notice-usn-4587-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75562	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121649	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4032/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3329.2/	Trust: 0.6
url:	https://github.com/libvnc/libvncserver	Trust: 0.3
url:	https://github.com/libvnc/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-20749	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-20750	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20019	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20023	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15681	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20020	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20024	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20748	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6051	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6055	Trust: 0.1
url:	https://usn.ubuntu.com/4587-1	Trust: 0.1

sources: BID: 106825 // JVNDB: JVNDB-2018-014090 // PACKETSTORM: 159669 // CNNVD: CNNVD-201901-1018 // NVD: CVE-2018-20750

CREDITS

Ubuntu,Solar Designer

Trust: 0.6

sources: CNNVD: CNNVD-201901-1018

SOURCES

db:	BID	id:	106825
db:	JVNDB	id:	JVNDB-2018-014090
db:	PACKETSTORM	id:	159669
db:	CNNVD	id:	CNNVD-201901-1018
db:	NVD	id:	CVE-2018-20750

LAST UPDATE DATE

2024-11-23T19:41:08.516000+00:00

SOURCES UPDATE DATE

db:	BID	id:	106825	date:	2019-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-014090	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201901-1018	date:	2021-12-17T00:00:00
db:	NVD	id:	CVE-2018-20750	date:	2024-11-21T04:02:05.540

SOURCES RELEASE DATE

db:	BID	id:	106825	date:	2019-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-014090	date:	2019-03-12T00:00:00
db:	PACKETSTORM	id:	159669	date:	2020-10-21T21:38:07
db:	CNNVD	id:	CNNVD-201901-1018	date:	2019-01-31T00:00:00
db:	NVD	id:	CVE-2018-20750	date:	2019-01-30T18:29:00.473