Details of VAR-202006-1851

ID

VAR-202006-1851

CVE

CVE-2018-21247

TITLE

LibVNCServer Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2018-016441

DESCRIPTION

An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. LibVNCServer There is an information leakage vulnerability in.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libvncserver security update Advisory ID: RHSA-2021:1811-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1811 Issue date: 2021-05-18 CVE Names: CVE-2018-21247 CVE-2019-20839 CVE-2020-14397 CVE-2020-14405 CVE-2020-25708 ==================================================================== 1. Summary: An update for libvncserver is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix(es): * libvncserver: uninitialized memory contents are vulnerable to Information Leak (CVE-2018-21247) * libvncserver: buffer overflow in ConnectClientToUnixSock() (CVE-2019-20839) * libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference (CVE-2020-14397) * libvncserver: libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405) * libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1849877 - CVE-2019-20839 libvncserver: buffer overflow in ConnectClientToUnixSock() 1849886 - CVE-2018-21247 libvncserver: uninitialized memory contents are vulnerable to Information Leak 1860325 - CVE-2020-14405 libvncserver: libvncclient/rfbproto.c does not limit TextChat size 1860344 - CVE-2020-14397 libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference 1896739 - CVE-2020-25708 libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: libvncserver-0.9.11-17.el8.src.rpm aarch64: libvncserver-0.9.11-17.el8.aarch64.rpm libvncserver-debuginfo-0.9.11-17.el8.aarch64.rpm libvncserver-debugsource-0.9.11-17.el8.aarch64.rpm ppc64le: libvncserver-0.9.11-17.el8.ppc64le.rpm libvncserver-debuginfo-0.9.11-17.el8.ppc64le.rpm libvncserver-debugsource-0.9.11-17.el8.ppc64le.rpm s390x: libvncserver-0.9.11-17.el8.s390x.rpm libvncserver-debuginfo-0.9.11-17.el8.s390x.rpm libvncserver-debugsource-0.9.11-17.el8.s390x.rpm x86_64: libvncserver-0.9.11-17.el8.i686.rpm libvncserver-0.9.11-17.el8.x86_64.rpm libvncserver-debuginfo-0.9.11-17.el8.i686.rpm libvncserver-debuginfo-0.9.11-17.el8.x86_64.rpm libvncserver-debugsource-0.9.11-17.el8.i686.rpm libvncserver-debugsource-0.9.11-17.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: libvncserver-debuginfo-0.9.11-17.el8.aarch64.rpm libvncserver-debugsource-0.9.11-17.el8.aarch64.rpm libvncserver-devel-0.9.11-17.el8.aarch64.rpm ppc64le: libvncserver-debuginfo-0.9.11-17.el8.ppc64le.rpm libvncserver-debugsource-0.9.11-17.el8.ppc64le.rpm libvncserver-devel-0.9.11-17.el8.ppc64le.rpm s390x: libvncserver-debuginfo-0.9.11-17.el8.s390x.rpm libvncserver-debugsource-0.9.11-17.el8.s390x.rpm libvncserver-devel-0.9.11-17.el8.s390x.rpm x86_64: libvncserver-debuginfo-0.9.11-17.el8.i686.rpm libvncserver-debuginfo-0.9.11-17.el8.x86_64.rpm libvncserver-debugsource-0.9.11-17.el8.i686.rpm libvncserver-debugsource-0.9.11-17.el8.x86_64.rpm libvncserver-devel-0.9.11-17.el8.i686.rpm libvncserver-devel-0.9.11-17.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-21247 https://access.redhat.com/security/cve/CVE-2019-20839 https://access.redhat.com/security/cve/CVE-2020-14397 https://access.redhat.com/security/cve/CVE-2020-14405 https://access.redhat.com/security/cve/CVE-2020-25708 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYKPzPNzjgjWX9erEAQgJcQ//eFCPv7OwkNtF1owJhqkboBZSSILHH2sX bXDy/9rdYjrY13E6kfMdjvXQyfSa8RM1lB+3LldAA1LokLqf6aTEHrBrjDadAKSW 2FfxerEbatQLlQubcxtrb5gn3ZUv+8gf/n3E8Fgjxm4EQkCZC3TF7Smmj3ofELtq 2aYKRKyOGrMR2JZuySPuB5fm9/8LcYlfn5atG4Yqc4QofgGe2YhORY6GuneUOSBr Li0LBXpBI7o3VY0dosXListDptm8UEZ8sx/hUEqR2YEBoQoGF3EZsuNsqzYkG99e i6LmBTh8zCgsnOHKrLVmG00YauAdpPrgmOq2cay7bw0jhAzp+huLtSCZ5yvEbh8p xOXM0YbocGwSoKdJ6RGaquYD4Vw/aKHIxp1L6BE3hMe2lIt6dObu+VxtgFmUVDFv iUvmv9J1Jr7lZAByA0r+1gnnfrXyUc+ln3jhuu0xZ3tQvGiEAKAsvDNB8/78TCT/ CmuU0jwvBxTqeISxAaWcCrl9LHg+gZv6wop8j8L/BDyEY4zQgAT11nRo0cXjFaE0 YgmFxA5kAEqDiNr2k/kq3w+sUH9pdEhiJQTqTt0uZvHesKXaIKTa7YKnvPgWbolM Nhw8esGKItirSh536uT/9/4DIQegxxM8sx5PhQCwL5pKldNGwiLyuFUF2ypRu9KT 8A9MNz92TFY=uZts -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.25

sources: NVD: CVE-2018-21247 // JVNDB: JVNDB-2018-016441 // CNNVD: CNNVD-202104-975 // PACKETSTORM: 162682

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic itc2200	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	siemens	model:	simatic itc2200	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.2	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	libvnc	model:	libvncserver	scope:	lte	version:	0.9.12	Trust: 1.0
vendor:	siemens	model:	simatic itc2200 pro	scope:	gte	version:	3.0.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500 pro	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1900	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	siemens	model:	simatic itc1500	scope:	lt	version:	3.2.1.0	Trust: 1.0
vendor:	libvnc	model:	libvncserver	scope:	eq	version:	0.9.13	Trust: 0.8

sources: JVNDB: JVNDB-2018-016441 // NVD: CVE-2018-21247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-21247
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2018-016441
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1174
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-21247
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2018-016441
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2018-21247
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2018-016441
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2018-016441 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202006-1174 // NVD: CVE-2018-21247

PROBLEMTYPE DATA

problemtype:	CWE-909	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2018-016441 // NVD: CVE-2018-21247

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1174

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016441

PATCH

title:	Comparing changes	url:	https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13	Trust: 0.8
title:	SECURITY: memory leak in libvncclient in ConnectToRFBRepeater function #253	url:	https://github.com/LibVNC/libvncserver/issues/253	Trust: 0.8
title:	LibVNCServer Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122067	Trust: 0.6

sources: JVNDB: JVNDB-2018-016441 // CNNVD: CNNVD-202006-1174

EXTERNAL IDS

db:	NVD	id:	CVE-2018-21247	Trust: 2.5
db:	SIEMENS	id:	SSA-390195	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-016441	Trust: 0.8
db:	PACKETSTORM	id:	162682	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1705	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2469	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2727	Trust: 0.6
db:	CS-HELP	id:	SB2021121649	Trust: 0.6
db:	CS-HELP	id:	SB2021052205	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1174	Trust: 0.6

sources: JVNDB: JVNDB-2018-016441 // PACKETSTORM: 162682 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202006-1174 // NVD: CVE-2018-21247

REFERENCES

url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html	Trust: 1.6
url:	https://github.com/libvnc/libvncserver/compare/libvncserver-0.9.12...libvncserver-0.9.13	Trust: 1.6
url:	https://github.com/libvnc/libvncserver/issues/253	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Trust: 1.6
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html	Trust: 1.6
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-21247	Trust: 1.5
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4f6fuh4efk4nap6gt4tqrtbkwirczliy/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nvp7tjvyjdxdfrhvq3enen3h354qpxez/	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21247	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nvp7tjvyjdxdfrhvq3enen3h354qpxez/	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4f6fuh4efk4nap6gt4tqrtbkwirczliy/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2469/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2727/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052205	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121649	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1705	Trust: 0.6
url:	https://vigilance.fr/vulnerability/libvncserver-information-disclosure-via-connecttorfbrepeater-32872	Trust: 0.6
url:	https://packetstormsecurity.com/files/162682/red-hat-security-advisory-2021-1811-01.html	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-14397	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25708	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14397	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-21247	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14405	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20839	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14405	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25708	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20839	Trust: 0.1

sources: JVNDB: JVNDB-2018-016441 // PACKETSTORM: 162682 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202006-1174 // NVD: CVE-2018-21247

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 162682 // CNNVD: CNNVD-202006-1174

SOURCES

db:	JVNDB	id:	JVNDB-2018-016441
db:	PACKETSTORM	id:	162682
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202006-1174
db:	NVD	id:	CVE-2018-21247

LAST UPDATE DATE

2024-11-23T19:29:28.606000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2018-016441	date:	2020-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202006-1174	date:	2022-03-11T00:00:00
db:	NVD	id:	CVE-2018-21247	date:	2024-11-21T04:03:16.920

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2018-016441	date:	2020-07-15T00:00:00
db:	PACKETSTORM	id:	162682	date:	2021-05-19T14:14:14
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202006-1174	date:	2020-06-17T00:00:00
db:	NVD	id:	CVE-2018-21247	date:	2020-06-17T16:15:11.367