Details of VAR-201901-1644

ID

VAR-201901-1644

CVE

CVE-2018-20748

TITLE

LibVNC Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2018-014092

DESCRIPTION

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. LibVNC Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibVNCServer is prone to a local heap-based buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition. Note: This issue is the result of an incomplete fix for issue CVE-2018-20019 described in 106821 (LibVNCServer CVE-2018-20019 Multiple Heap Buffer Overflow Vulnerabilities). Software Description: - libvncserver: vnc server library Details: It was discovered that LibVNCServer incorrectly handled certain operations. ========================================================================= Ubuntu Security Notice USN-4587-1 October 20, 2020 italc vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in iTALC. Software Description: - italc: didact tool which allows teachers to view and control computer labs Details: Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. (CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055) Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. (CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: italc-client 1:2.0.2+dfsg1-4ubuntu0.1 italc-master 1:2.0.2+dfsg1-4ubuntu0.1 libitalccore 1:2.0.2+dfsg1-4ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4587-1 CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055, CVE-2016-9941, CVE-2016-9942, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681 Package Information: https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1

Trust: 2.07

sources: NVD: CVE-2018-20748 // JVNDB: JVNDB-2018-014092 // BID: 106823 // PACKETSTORM: 151457 // PACKETSTORM: 159669

AFFECTED PRODUCTS

vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	siemens	model:	simatic itc2200	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	libvnc	model:	libvncserver	scope:	lt	version:	0.9.12	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	libvnc	model:	libvncserver	scope:	lte	version:	0.9.12	Trust: 0.8
vendor:	ubuntu	model:	linux	scope:	eq	version:	18.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	18.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	16.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.11	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.10	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.9	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	libvncserver	model:	libvncserver	scope:	ne	version:	0.9.12	Trust: 0.3

sources: BID: 106823 // JVNDB: JVNDB-2018-014092 // NVD: CVE-2018-20748

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20748
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20748
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201901-1016
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2018-20748
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-20748
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-20748
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2018-014092 // CNNVD: CNNVD-201901-1016 // NVD: CVE-2018-20748

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2018-014092 // NVD: CVE-2018-20748

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 151457 // PACKETSTORM: 159669 // CNNVD: CNNVD-201901-1016

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-1016

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014092

PATCH

title:	[SECURITY] [DLA 1652-1] libvncserver security update	url:	https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html	Trust: 0.8
title:	LibVNCClient: remove now-useless cast	url:	https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae	Trust: 0.8
title:	LibVNCClient: fail on server-sent desktop name lengths longer than 1MB	url:	https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7	Trust: 0.8
title:	LibVNCClient: ignore server-sent cut text longer than 1MB	url:	https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a	Trust: 0.8
title:	LibVNCClient: ignore server-sent reason strings longer than 1MB	url:	https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c	Trust: 0.8
title:	USN-3877-1	url:	https://usn.ubuntu.com/3877-1/	Trust: 0.8
title:	LibVNC Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89046	Trust: 0.6

sources: JVNDB: JVNDB-2018-014092 // CNNVD: CNNVD-201901-1016

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20748	Trust: 2.9
db:	OPENWALL	id:	OSS-SECURITY/2018/12/10/8	Trust: 2.7
db:	SIEMENS	id:	SSA-390195	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014092	Trust: 0.8
db:	PACKETSTORM	id:	159669	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4771	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3625	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3329.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4032	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3329	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0460	Trust: 0.6
db:	CS-HELP	id:	SB2021121649	Trust: 0.6
db:	CNNVD	id:	CNNVD-201901-1016	Trust: 0.6
db:	BID	id:	106823	Trust: 0.3
db:	PACKETSTORM	id:	151457	Trust: 0.1

sources: BID: 106823 // JVNDB: JVNDB-2018-014092 // PACKETSTORM: 151457 // PACKETSTORM: 159669 // CNNVD: CNNVD-201901-1016 // NVD: CVE-2018-20748

REFERENCES

url:	https://www.openwall.com/lists/oss-security/2018/12/10/8	Trust: 2.7
url:	https://github.com/libvnc/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7	Trust: 1.9
url:	https://github.com/libvnc/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a	Trust: 1.9
url:	https://github.com/libvnc/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c	Trust: 1.9
url:	https://github.com/libvnc/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae	Trust: 1.9
url:	https://github.com/libvnc/libvncserver/issues/273	Trust: 1.9
url:	https://usn.ubuntu.com/3877-1/	Trust: 1.9
url:	https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html	Trust: 1.9
url:	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Trust: 1.6
url:	https://usn.ubuntu.com/4587-1/	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Trust: 1.6
url:	https://usn.ubuntu.com/4547-1/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20748	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20748	Trust: 0.8
url:	https://security-tracker.debian.org/tracker/dla-1979-1	Trust: 0.6
url:	https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3329/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3625/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159669/ubuntu-security-notice-usn-4587-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75562	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121649	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4771/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4032/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3329.2/	Trust: 0.6
url:	https://github.com/libvnc/libvncserver	Trust: 0.3
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.1ubuntu0.1	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3877-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.9+dfsg-1ubuntu1.4	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20021	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15126	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.3	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20019	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20023	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15681	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20020	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20750	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20024	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6051	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6055	Trust: 0.1
url:	https://usn.ubuntu.com/4587-1	Trust: 0.1

sources: BID: 106823 // JVNDB: JVNDB-2018-014092 // PACKETSTORM: 151457 // PACKETSTORM: 159669 // CNNVD: CNNVD-201901-1016 // NVD: CVE-2018-20748

CREDITS

Ubuntu

Trust: 0.8

sources: PACKETSTORM: 151457 // PACKETSTORM: 159669 // CNNVD: CNNVD-201901-1016

SOURCES

db:	BID	id:	106823
db:	JVNDB	id:	JVNDB-2018-014092
db:	PACKETSTORM	id:	151457
db:	PACKETSTORM	id:	159669
db:	CNNVD	id:	CNNVD-201901-1016
db:	NVD	id:	CVE-2018-20748

LAST UPDATE DATE

2024-11-23T20:20:59.112000+00:00

SOURCES UPDATE DATE

db:	BID	id:	106823	date:	2018-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-014092	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201901-1016	date:	2021-12-17T00:00:00
db:	NVD	id:	CVE-2018-20748	date:	2024-11-21T04:02:05.180

SOURCES RELEASE DATE

db:	BID	id:	106823	date:	2018-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-014092	date:	2019-03-12T00:00:00
db:	PACKETSTORM	id:	151457	date:	2019-02-01T17:21:10
db:	PACKETSTORM	id:	159669	date:	2020-10-21T21:38:07
db:	CNNVD	id:	CNNVD-201901-1016	date:	2019-01-31T00:00:00
db:	NVD	id:	CVE-2018-20748	date:	2019-01-30T18:29:00.257