Sign-up

ID

VAR-202006-1855


CVE

CVE-2020-14396


TITLE

LibVNCServer In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-006693

DESCRIPTION

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. LibVNCServer To NULL A vulnerability exists regarding pointer dereference.Service operation interruption (DoS) It may be put into a state. ========================================================================== Ubuntu Security Notice USN-4434-1 July 23, 2020 libvncserver vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in LibVNCServer. Software Description: - libvncserver: vnc server library Details: Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. (CVE-2019-20839) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-20840) Christian Beier discovered that LibVNCServer incorrectly handled anonymous TLS connections. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-14396) It was discovered that LibVNCServer incorrectly handled region clipping. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14397) It was discovered that LibVNCServer did not properly reset incorrectly terminated TCP connections. A remote attacker could possibly use this issue to cause an infinite loop, resulting in a denial of service. (CVE-2020-14398) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14399, CVE-2020-14400) It was discovered that LibVNCServer incorrectly handled screen scaling on the server side. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14401) It was discovered that LibVNCServer incorrectly handled encodings. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404) It was discovered that LibVNCServer incorrectly handled TextChat messages. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14405) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libvncclient1 0.9.12+dfsg-9ubuntu0.2 libvncserver1 0.9.12+dfsg-9ubuntu0.2 Ubuntu 18.04 LTS: libvncclient1 0.9.11+dfsg-1ubuntu1.3 libvncserver1 0.9.11+dfsg-1ubuntu1.3 Ubuntu 16.04 LTS: libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.5 libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.5 After a standard system update you need to restart LibVNCServer applications to make all the necessary changes. References: https://usn.ubuntu.com/4434-1 CVE-2019-20839, CVE-2019-20840, CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405 Package Information: https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.2 https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.3 https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.5

Trust: 1.71

sources: NVD: CVE-2020-14396 // JVNDB: JVNDB-2020-006693 // PACKETSTORM: 158543

AFFECTED PRODUCTS

vendor:siemensmodel:simatic itc2200scope:gteversion:3.0.0.0

Trust: 1.0

vendor:siemensmodel:simatic itc1500 proscope:gteversion:3.0.0.0

Trust: 1.0

vendor:siemensmodel:simatic itc2200 proscope:ltversion:3.2.1.0

Trust: 1.0

vendor:siemensmodel:simatic itc1900 proscope:gteversion:3.0.0.0

Trust: 1.0

vendor:siemensmodel:simatic itc2200scope:ltversion:3.2.1.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:siemensmodel:simatic itc1900scope:gteversion:3.0.0.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:siemensmodel:simatic itc1500scope:gteversion:3.0.0.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:libvncmodel:libvncserverscope:lteversion:0.9.12

Trust: 1.0

vendor:siemensmodel:simatic itc2200 proscope:gteversion:3.0.0.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:20.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.10

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:siemensmodel:simatic itc1900 proscope:ltversion:3.2.1.0

Trust: 1.0

vendor:siemensmodel:simatic itc1500 proscope:ltversion:3.2.1.0

Trust: 1.0

vendor:siemensmodel:simatic itc1900scope:ltversion:3.2.1.0

Trust: 1.0

vendor:siemensmodel:simatic itc1500scope:ltversion:3.2.1.0

Trust: 1.0

vendor:libvncmodel:libvncserverscope:eqversion:0.9.13

Trust: 0.8

sources: JVNDB: JVNDB-2020-006693 // NVD: CVE-2020-14396

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14396
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006693
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-1175
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-14396
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006693
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-14396
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006693
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-006693 // CNNVD: CNNVD-202006-1175 // NVD: CVE-2020-14396

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.8

sources: JVNDB: JVNDB-2020-006693 // NVD: CVE-2020-14396

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 158543 // CNNVD: CNNVD-202006-1175

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1175

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006693

PATCH
title:libvncclient/tls_openssl: do not deref a NULL pointerurl:https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553
Trust: 0.8
title:Comparing changesurl:https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13
Trust: 0.8
title:LibVNCServer Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122068
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006693 // 
            
            
            
            CNNVD: CNNVD-202006-1175

EXTERNAL IDS
db:NVDid:CVE-2020-14396
Trust: 2.5
db:SIEMENSid:SSA-390195
Trust: 1.6
db:JVNDBid:JVNDB-2020-006693
Trust: 0.8
db:PACKETSTORMid:158543
Trust: 0.7
db:CS-HELPid:SB2021121649
Trust: 0.6
db:NSFOCUSid:48869
Trust: 0.6
db:AUSCERTid:ESB-2020.2535
Trust: 0.6
db:CNNVDid:CNNVD-202006-1175
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006693 // 
            
            
            
            PACKETSTORM: 158543 // 
            
            
            
            CNNVD: CNNVD-202006-1175 // 
            
            
            
            NVD: CVE-2020-14396

REFERENCES
url:https://github.com/libvnc/libvncserver/compare/libvncserver-0.9.12...libvncserver-0.9.13
Trust: 1.6
url:https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
Trust: 1.6
url:https://usn.ubuntu.com/4434-1/
Trust: 1.6
url:https://github.com/libvnc/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-14396
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14396
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2535/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48869
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2021121649
Trust: 0.6
url:https://packetstormsecurity.com/files/158543/ubuntu-security-notice-usn-4434-1.html
Trust: 0.6
url:https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.3
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-14400
Trust: 0.1
url:https://usn.ubuntu.com/4434-1
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-14402
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-14398
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-14401
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-14405
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.5
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-14397
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-20839
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-20840
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.2
Trust: 0.1
sources:
            
            
            JVNDB: JVNDB-2020-006693 // 
            
            
            
            PACKETSTORM: 158543 // 
            
            
            
            CNNVD: CNNVD-202006-1175 // 
            
            
            
            NVD: CVE-2020-14396

CREDITS
Ubuntu
Trust: 0.7
sources:
            
            
            PACKETSTORM: 158543 // 
            
            
            
            CNNVD: CNNVD-202006-1175

SOURCES
db:JVNDBid:JVNDB-2020-006693
db:PACKETSTORMid:158543
db:CNNVDid:CNNVD-202006-1175
db:NVDid:CVE-2020-14396

LAST UPDATE DATE
2024-11-23T21:14:41.473000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-006693date:2020-07-15T00:00:00
db:CNNVDid:CNNVD-202006-1175date:2021-12-17T00:00:00
db:NVDid:CVE-2020-14396date:2024-11-21T05:03:10.293

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-006693date:2020-07-15T00:00:00
db:PACKETSTORMid:158543date:2020-07-24T14:28:24
db:CNNVDid:CNNVD-202006-1175date:2020-06-17T00:00:00
db:NVDid:CVE-2020-14396date:2020-06-17T16:15:11.697