EulerOS 2.0 SP5 libvncserver vulnerabilitie
Reporter | Title | Published | Views | Family All 178 |
---|---|---|---|---|
OpenVAS | Huawei EulerOS: Security Advisory for libvncserver (EulerOS-SA-2019-1033) | 23 Jan 202000:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2019:13927-1) | 9 Jun 202100:00 | – | openvas |
OpenVAS | openSUSE: Security Advisory for LibVNCServer (openSUSE-SU-2019:0045-1) | 12 Jan 201900:00 | – | openvas |
OpenVAS | Mageia: Security Advisory (MGASA-2019-0037) | 28 Jan 202200:00 | – | openvas |
OpenVAS | openSUSE: Security Advisory for LibVNCServer (openSUSE-SU-2019:0053-1) | 18 Jan 201900:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for libvncserver (EulerOS-SA-2019-1051) | 23 Jan 202000:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DSA-4383-1) | 2 Feb 201900:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for libvncserver (EulerOS-SA-2019-1096) | 23 Jan 202000:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2019:0060-1) | 19 Apr 202100:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2019:0080-1) | 9 Jun 202100:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(122206);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/20");
script_cve_id(
"CVE-2018-15126",
"CVE-2018-15127",
"CVE-2018-20019",
"CVE-2018-20020",
"CVE-2018-20022",
"CVE-2018-20024",
"CVE-2018-6307"
);
script_name(english:"EulerOS 2.0 SP5 : libvncserver (EulerOS-SA-2019-1033)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the libvncserver package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- libvncserver: Heap out-of-bounds write in rfbserver.c
in rfbProcessFileTransferReadBuffer() allows for
potential code execution (CVE-2018-15127)
- LibVNC before commit
7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap
out-of-bound write vulnerability inside structure in
VNC client code that can result remote code
execution(CVE-2018-20020)
- LibVNC before commit
ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap
use-after-free vulnerability in server code of file
transfer extension that can result remote code
execution.(CVE-2018-6307)
- LibVNC before commit
73cb96fec028a576a5a24417b57723b55854ad7b contains heap
use-after-free vulnerability in server code of file
transfer extension that can result remote code
execution(CVE-2018-15126)
- LibVNC before commit
a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains
multiple heap out-of-bound write vulnerabilities in VNC
client code that can result remote code
execution(CVE-2018-20019)
- LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
contains multiple weaknesses CWE-665: Improper
Initialization vulnerability in VNC client code that
allows attacker to read stack memory and can be abuse
for information disclosure. Combined with another
vulnerability, it can be used to leak stack memory
layout and in bypassing ASLR(CVE-2018-20022)
- LibVNC before commit
4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null
pointer dereference in VNC client code that can result
DoS.(CVE-2018-20024)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1033
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e8891a06");
script_set_attribute(attribute:"solution", value:
"Update the affected libvncserver packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20020");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2019/01/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvncserver");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["libvncserver-0.9.9-12.h9.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvncserver");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo