Details of VAR-202006-1847

ID

VAR-202006-1847

CVE

CVE-2020-14401

TITLE

LibVNCServer Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006692

DESCRIPTION

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. LibVNCServer Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ========================================================================== Ubuntu Security Notice USN-4434-1 July 23, 2020 libvncserver vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in LibVNCServer. Software Description: - libvncserver: vnc server library Details: Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. (CVE-2019-20839) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-20840) Christian Beier discovered that LibVNCServer incorrectly handled anonymous TLS connections. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-14396) It was discovered that LibVNCServer incorrectly handled region clipping. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14397) It was discovered that LibVNCServer did not properly reset incorrectly terminated TCP connections. A remote attacker could possibly use this issue to cause an infinite loop, resulting in a denial of service. (CVE-2020-14398) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14399, CVE-2020-14400) It was discovered that LibVNCServer incorrectly handled screen scaling on the server side. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14401) It was discovered that LibVNCServer incorrectly handled encodings. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404) It was discovered that LibVNCServer incorrectly handled TextChat messages. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14405) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libvncclient1 0.9.12+dfsg-9ubuntu0.2 libvncserver1 0.9.12+dfsg-9ubuntu0.2 Ubuntu 18.04 LTS: libvncclient1 0.9.11+dfsg-1ubuntu1.3 libvncserver1 0.9.11+dfsg-1ubuntu1.3 Ubuntu 16.04 LTS: libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.5 libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.5 After a standard system update you need to restart LibVNCServer applications to make all the necessary changes. References: https://usn.ubuntu.com/4434-1 CVE-2019-20839, CVE-2019-20840, CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405 Package Information: https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.2 https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.3 https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.5

Trust: 1.71

sources: NVD: CVE-2020-14401 // JVNDB: JVNDB-2020-006692 // PACKETSTORM: 158543

AFFECTED PRODUCTS

vendor:	libvncserver	model:	libvncserver	scope:	lt	version:	0.9.13	Trust: 1.0
vendor:	siemens	model:	simatic itc2200	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.2	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	libvnc	model:	libvncserver	scope:	eq	version:	0.9.13	Trust: 0.8

sources: JVNDB: JVNDB-2020-006692 // NVD: CVE-2020-14401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14401
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-006692
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202006-1182
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-14401
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006692
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-14401
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006692
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-006692 // CNNVD: CNNVD-202006-1182 // NVD: CVE-2020-14401

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2020-006692 // NVD: CVE-2020-14401

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 158543 // CNNVD: CNNVD-202006-1182

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1182

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006692

PATCH

title:	libvncserver: scale: cast to 64 bit before shifting	url:	https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af	Trust: 0.8
title:	Comparing changes	url:	https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13	Trust: 0.8
title:	LibVNCServer Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125165	Trust: 0.6

sources: JVNDB: JVNDB-2020-006692 // CNNVD: CNNVD-202006-1182

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14401	Trust: 2.5
db:	SIEMENS	id:	SSA-390195	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-006692	Trust: 0.8
db:	PACKETSTORM	id:	158543	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2248	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2535	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2727	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2469	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2972	Trust: 0.6
db:	NSFOCUS	id:	48922	Trust: 0.6
db:	CS-HELP	id:	SB2021121649	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1182	Trust: 0.6

sources: JVNDB: JVNDB-2020-006692 // PACKETSTORM: 158543 // CNNVD: CNNVD-202006-1182 // NVD: CVE-2020-14401

REFERENCES

url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html	Trust: 1.6
url:	https://github.com/libvnc/libvncserver/compare/libvncserver-0.9.12...libvncserver-0.9.13	Trust: 1.6
url:	https://github.com/libvnc/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af	Trust: 1.6
url:	https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html	Trust: 1.6
url:	https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Trust: 1.6
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html	Trust: 1.6
url:	https://usn.ubuntu.com/4434-1/	Trust: 1.6
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14401	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14401	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2469/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2248/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2535/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/libvncserver-multiple-vulnerabilities-32651	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2727/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48922	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121649	Trust: 0.6
url:	https://packetstormsecurity.com/files/158543/ubuntu-security-notice-usn-4434-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2972/	Trust: 0.6
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.3	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14400	Trust: 0.1
url:	https://usn.ubuntu.com/4434-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14402	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14398	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14405	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14396	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14397	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20839	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20840	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.2	Trust: 0.1

sources: JVNDB: JVNDB-2020-006692 // PACKETSTORM: 158543 // CNNVD: CNNVD-202006-1182 // NVD: CVE-2020-14401

CREDITS

Ubuntu

Trust: 0.7

sources: PACKETSTORM: 158543 // CNNVD: CNNVD-202006-1182

SOURCES

db:	JVNDB	id:	JVNDB-2020-006692
db:	PACKETSTORM	id:	158543
db:	CNNVD	id:	CNNVD-202006-1182
db:	NVD	id:	CVE-2020-14401

LAST UPDATE DATE

2024-11-23T19:55:14.538000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-006692	date:	2020-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202006-1182	date:	2021-12-17T00:00:00
db:	NVD	id:	CVE-2020-14401	date:	2024-11-21T05:03:11.240

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-006692	date:	2020-07-15T00:00:00
db:	PACKETSTORM	id:	158543	date:	2020-07-24T14:28:24
db:	CNNVD	id:	CNNVD-202006-1182	date:	2020-06-17T00:00:00
db:	NVD	id:	CVE-2020-14401	date:	2020-06-17T16:15:12.087