Lucene search

K

GLSA-202006-06 : ssvnc: Multiple vulnerabilities

The remote host is affected by ssvnc software with multiple vulnerabilities. Please review the referenced CVE identifiers for details

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Gentoo Linux
ssvnc: Multiple vulnerabilities
13 Jun 202000:00
gentoo
Gentoo Linux
LibVNCServer: Multiple vulnerabilities
9 Aug 201900:00
gentoo
OSV
ssvnc - security update
29 Nov 201900:00
osv
OSV
ssvnc vulnerabilities
28 Sep 202019:52
osv
OSV
libvncserver - security update
25 Dec 201800:00
osv
OSV
libvncserver - security update
3 Feb 201900:00
osv
OSV
italc vulnerabilities
28 Sep 202016:07
osv
OSV
CVE-2018-20024
19 Dec 201816:29
osv
OSV
CVE-2018-20020
19 Dec 201816:29
osv
OSV
CVE-2018-20022
19 Dec 201816:29
osv
Rows per page
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202006-06.
#
# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(137443);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22");

  script_cve_id("CVE-2018-20020", "CVE-2018-20021", "CVE-2018-20022", "CVE-2018-20024");
  script_xref(name:"GLSA", value:"202006-06");

  script_name(english:"GLSA-202006-06 : ssvnc: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-202006-06
(ssvnc: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in ssvnc. Please review
      the CVE identifiers referenced below for details.
  
Impact :

    Please review the referenced CVE identifiers for details.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/202006-06"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Gentoo has discontinued support for ssvnc. We recommend that users
      unmerge ssvnc:
      # emerge --unmerge 'net-misc/ssvnc'
    NOTE: The Gentoo developer(s) maintaining ssvnc have discontinued
      support at this time. It may be possible that a new Gentoo developer will
      update ssvnc at a later date. An alternative may be a manual SSH tunnel."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20020");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ssvnc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-misc/ssvnc", unaffected:make_list(), vulnerable:make_list("le 1.0.29-r2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ssvnc");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Jun 2020 00:00Current
0.6Low risk
Vulners AI Score0.6
CVSS27.8
CVSS39.8
EPSS0.076
18
.json
Report