Details of VAR-202004-2206

ID

VAR-202004-2206

CVE

CVE-2019-20788

TITLE

LibVNCServer Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015480

DESCRIPTION

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. LibVNCServer Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ========================================================================== Ubuntu Security Notice USN-4407-1 July 01, 2020 libvncserver vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in LibVNCServer. Software Description: - libvncserver: vnc server library Details: It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680) It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681) It was discovered that LibVNCServer incorrectly handled cursor shape updates. If a user were tricked in to connecting to a malicious server, an attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15690, CVE-2019-20788) It was discovered that LibVNCServer incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2017-18922) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libvncclient1 0.9.12+dfsg-9ubuntu0.1 libvncserver1 0.9.12+dfsg-9ubuntu0.1 Ubuntu 19.10: libvncclient1 0.9.11+dfsg-1.3ubuntu0.1 libvncserver1 0.9.11+dfsg-1.3ubuntu0.1 Ubuntu 18.04 LTS: libvncclient1 0.9.11+dfsg-1ubuntu1.2 libvncserver1 0.9.11+dfsg-1ubuntu1.2 Ubuntu 16.04 LTS: libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.4 libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.4 After a standard system update you need to restart LibVNCServer to make all the necessary changes. References: https://usn.ubuntu.com/4407-1 CVE-2017-18922, CVE-2019-15680, CVE-2019-15681, CVE-2019-15690, CVE-2019-20788 Package Information: https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.1 https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.3ubuntu0.1 https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.2 https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4

Trust: 1.71

sources: NVD: CVE-2019-20788 // JVNDB: JVNDB-2019-015480 // PACKETSTORM: 158281

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic itc2200	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	libvnc	model:	libvncserver	scope:	lte	version:	0.9.12	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	libvnc	model:	libvncserver	scope:	eq	version:	0.9.12	Trust: 0.8

sources: JVNDB: JVNDB-2019-015480 // NVD: CVE-2019-20788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20788
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2019-015480
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202004-2009
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2019-20788
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-015480
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2019-20788
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-015480
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-015480 // CNNVD: CNNVD-202004-2009 // NVD: CVE-2019-20788

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.8
problemtype:	CWE-787	Trust: 1.0

sources: JVNDB: JVNDB-2019-015480 // NVD: CVE-2019-20788

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2009

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2009

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015480

PATCH

title:	libvncclient/cursor: limit width/height input values	url:	https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed	Trust: 0.8
title:	LibVNCServer Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116769	Trust: 0.6

sources: JVNDB: JVNDB-2019-015480 // CNNVD: CNNVD-202004-2009

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20788	Trust: 2.5
db:	SIEMENS	id:	SSA-390195	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-015480	Trust: 0.8
db:	PACKETSTORM	id:	158281	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1572	Trust: 0.6
db:	CS-HELP	id:	SB2021121649	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2009	Trust: 0.6

sources: JVNDB: JVNDB-2019-015480 // PACKETSTORM: 158281 // CNNVD: CNNVD-202004-2009 // NVD: CVE-2019-20788

REFERENCES

url:	https://securitylab.github.com/advisories/ghsl-2020-064-libvnc-libvncclient	Trust: 1.6
url:	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html	Trust: 1.6
url:	https://usn.ubuntu.com/4407-1/	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Trust: 1.6
url:	https://github.com/libvnc/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20788	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20788	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021121649	Trust: 0.6
url:	https://vigilance.fr/vulnerability/libvncserver-buffer-overflow-32176	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1572/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158281/ubuntu-security-notice-usn-4407-1.html	Trust: 0.6
url:	https://usn.ubuntu.com/4407-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15681	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15680	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18922	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.3ubuntu0.1	Trust: 0.1

sources: JVNDB: JVNDB-2019-015480 // PACKETSTORM: 158281 // CNNVD: CNNVD-202004-2009 // NVD: CVE-2019-20788

CREDITS

Ubuntu

Trust: 0.7

sources: PACKETSTORM: 158281 // CNNVD: CNNVD-202004-2009

SOURCES

db:	JVNDB	id:	JVNDB-2019-015480
db:	PACKETSTORM	id:	158281
db:	CNNVD	id:	CNNVD-202004-2009
db:	NVD	id:	CVE-2019-20788

LAST UPDATE DATE

2024-11-23T20:20:02.835000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-015480	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-2009	date:	2021-12-17T00:00:00
db:	NVD	id:	CVE-2019-20788	date:	2024-11-21T04:39:21.960

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-015480	date:	2020-05-25T00:00:00
db:	PACKETSTORM	id:	158281	date:	2020-07-02T15:43:16
db:	CNNVD	id:	CNNVD-202004-2009	date:	2020-04-23T00:00:00
db:	NVD	id:	CVE-2019-20788	date:	2020-04-23T19:15:12.763