Details of VAR-201910-1737

ID

VAR-201910-1737

CVE

CVE-2019-15681

TITLE

LibVNC Vulnerabilities related to lack of effective post-lifetime resource release

Trust: 0.8

sources: JVNDB: JVNDB-2019-011494

DESCRIPTION

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. LibVNC Contains vulnerabilities related to lack of effective post-lifetime resource release and initialization vulnerabilities.Information may be obtained. ========================================================================== Ubuntu Security Notice USN-4407-1 July 01, 2020 libvncserver vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in LibVNCServer. Software Description: - libvncserver: vnc server library Details: It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680) It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681) It was discovered that LibVNCServer incorrectly handled cursor shape updates. If a user were tricked in to connecting to a malicious server, an attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15690, CVE-2019-20788) It was discovered that LibVNCServer incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2017-18922) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libvncclient1 0.9.12+dfsg-9ubuntu0.1 libvncserver1 0.9.12+dfsg-9ubuntu0.1 Ubuntu 19.10: libvncclient1 0.9.11+dfsg-1.3ubuntu0.1 libvncserver1 0.9.11+dfsg-1.3ubuntu0.1 Ubuntu 18.04 LTS: libvncclient1 0.9.11+dfsg-1ubuntu1.2 libvncserver1 0.9.11+dfsg-1ubuntu1.2 Ubuntu 16.04 LTS: libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.4 libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.4 After a standard system update you need to restart LibVNCServer to make all the necessary changes. References: https://usn.ubuntu.com/4407-1 CVE-2017-18922, CVE-2019-15680, CVE-2019-15681, CVE-2019-15690, CVE-2019-20788 Package Information: https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.1 https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.3ubuntu0.1 https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.2 https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4 . Software Description: - italc: didact tool which allows teachers to view and control computer labs Details: Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. (CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055) Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. (CVE-2016-9941, CVE-2016-9942) It was discovered that iTALC had an out-of-bounds write, multiple heap out-of-bounds writes, an infinite loop, improper initializations, and null pointer vulnerabilities

Trust: 1.98

sources: NVD: CVE-2019-15681 // JVNDB: JVNDB-2019-011494 // PACKETSTORM: 159308 // PACKETSTORM: 158281 // PACKETSTORM: 159499 // PACKETSTORM: 159669

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic itc2200	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	libvnc	model:	libvncserver	scope:	lt	version:	0.9.12	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	libvnc	model:	libvncserver	scope:	lt	version:	d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a	Trust: 0.8

sources: JVNDB: JVNDB-2019-011494 // NVD: CVE-2019-15681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15681
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15681
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201910-1689
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-15681
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2019-15681
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-15681
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-011494 // CNNVD: CNNVD-201910-1689 // NVD: CVE-2019-15681

PROBLEMTYPE DATA

problemtype:	CWE-665	Trust: 1.8
problemtype:	CWE-772	Trust: 0.8

sources: JVNDB: JVNDB-2019-011494 // NVD: CVE-2019-15681

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 159308 // PACKETSTORM: 159499 // PACKETSTORM: 159669 // CNNVD: CNNVD-201910-1689

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-1689

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011494

PATCH

title:	rfbserver: don't leak stack memory to the remote	url:	https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a	Trust: 0.8
title:	LibVNCServer Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101622	Trust: 0.6

sources: JVNDB: JVNDB-2019-011494 // CNNVD: CNNVD-201910-1689

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15681	Trust: 2.8
db:	SIEMENS	id:	SSA-390195	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-011494	Trust: 0.8
db:	PACKETSTORM	id:	159308	Trust: 0.7
db:	PACKETSTORM	id:	158281	Trust: 0.7
db:	PACKETSTORM	id:	159499	Trust: 0.7
db:	PACKETSTORM	id:	159669	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4771	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3625	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1266	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3329.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2515	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1572	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3329	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4523	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3465	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4033	Trust: 0.6
db:	CS-HELP	id:	SB2021121649	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-1689	Trust: 0.6

sources: JVNDB: JVNDB-2019-011494 // PACKETSTORM: 159308 // PACKETSTORM: 158281 // PACKETSTORM: 159499 // PACKETSTORM: 159669 // CNNVD: CNNVD-201910-1689 // NVD: CVE-2019-15681

REFERENCES

url:	https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html	Trust: 2.2
url:	https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15681	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html	Trust: 1.6
url:	https://github.com/libvnc/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a	Trust: 1.6
url:	https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html	Trust: 1.6
url:	https://usn.ubuntu.com/4407-1/	Trust: 1.6
url:	https://usn.ubuntu.com/4573-1/	Trust: 1.6
url:	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Trust: 1.6
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html	Trust: 1.6
url:	https://usn.ubuntu.com/4587-1/	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Trust: 1.6
url:	https://usn.ubuntu.com/4547-1/	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15681	Trust: 0.8
url:	https://security-tracker.debian.org/tracker/dla-1977-1	Trust: 0.6
url:	https://vigilance.fr/vulnerability/libvnc-information-disclosure-via-rfbsendservercuttext-30750	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3329/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3625/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4523/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4771/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4033/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3329.2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159669/ubuntu-security-notice-usn-4587-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2515/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159308/ubuntu-security-notice-usn-4547-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3465/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121649	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1572/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158281/ubuntu-security-notice-usn-4407-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1266/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159499/ubuntu-security-notice-usn-4573-1.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20023	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20024	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7225	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20749	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15127	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20022	Trust: 0.1
url:	https://usn.ubuntu.com/4547-1	Trust: 0.1
url:	https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce	Trust: 0.1
url:	https://usn.ubuntu.com/4407-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15680	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18922	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.3ubuntu0.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20788	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/vino/3.8.1-0ubuntu9.3	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14404	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14402	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/vino/3.22.0-5ubuntu2.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14403	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/vino/3.22.0-3ubuntu1.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14397	Trust: 0.1
url:	https://usn.ubuntu.com/4573-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6053	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20019	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20020	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20750	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20748	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6051	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6055	Trust: 0.1
url:	https://usn.ubuntu.com/4587-1	Trust: 0.1

CREDITS

Ubuntu

Trust: 1.0

sources: PACKETSTORM: 159308 // PACKETSTORM: 158281 // PACKETSTORM: 159499 // PACKETSTORM: 159669 // CNNVD: CNNVD-201910-1689

SOURCES

db:	JVNDB	id:	JVNDB-2019-011494
db:	PACKETSTORM	id:	159308
db:	PACKETSTORM	id:	158281
db:	PACKETSTORM	id:	159499
db:	PACKETSTORM	id:	159669
db:	CNNVD	id:	CNNVD-201910-1689
db:	NVD	id:	CVE-2019-15681

LAST UPDATE DATE

2024-11-23T21:09:15.201000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-011494	date:	2019-11-11T00:00:00
db:	CNNVD	id:	CNNVD-201910-1689	date:	2021-12-17T00:00:00
db:	NVD	id:	CVE-2019-15681	date:	2024-11-21T04:29:15.050

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-011494	date:	2019-11-11T00:00:00
db:	PACKETSTORM	id:	159308	date:	2020-09-28T20:30:26
db:	PACKETSTORM	id:	158281	date:	2020-07-02T15:43:16
db:	PACKETSTORM	id:	159499	date:	2020-10-07T16:06:41
db:	PACKETSTORM	id:	159669	date:	2020-10-21T21:38:07
db:	CNNVD	id:	CNNVD-201910-1689	date:	2019-10-29T00:00:00
db:	NVD	id:	CVE-2019-15681	date:	2019-10-29T19:15:18.127