Mandriva Linux Security Advisory : libvncserver (MDVSA-2014:168)

2014-09-1200:00:00

www.tenable.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.01 Low

EPSS

Percentile

83.9%

JSON

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607).

The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.

The x11vnc packages is now build against the system libvncserver library to avoid security issues in the bundled copy.

The icecream packages is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2014:168. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(77647);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2014-4607");
  script_bugtraq_id(68213);
  script_xref(name:"MDVSA", value:"2014:168");

  script_name(english:"Mandriva Linux Security Advisory : libvncserver (MDVSA-2014:168)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An integer overflow in liblzo before 2.07 allows attackers to cause a
denial of service or possibly code execution in applications using
performing LZO decompression on a compressed payload from the attacker
(CVE-2014-4607).

The libvncserver library is built with a bundled copy of minilzo,
which is a part of liblzo containing the vulnerable code.

The x11vnc packages is now build against the system libvncserver
library to avoid security issues in the bundled copy.

The icecream packages is built with a bundled copy of minilzo, which
is a part of liblzo containing the vulnerable code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0356.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0357.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0361.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:icecream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:icecream-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:icecream-scheduler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64vncserver-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64vncserver0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxvnc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11vnc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"icecream-0.9.7-4.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"icecream-devel-0.9.7-4.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"icecream-scheduler-0.9.7-4.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64vncserver-devel-0.9.8.2-2.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64vncserver0-0.9.8.2-2.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"linuxvnc-0.9.8.2-2.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"x11vnc-0.9.13-2.1.mbs1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
mandrivalinuxicecreamp-cpe:/a:mandriva:linux:icecream
mandrivalinuxicecream-develp-cpe:/a:mandriva:linux:icecream-devel
mandrivalinuxicecream-schedulerp-cpe:/a:mandriva:linux:icecream-scheduler
mandrivalinuxlib64vncserver-develp-cpe:/a:mandriva:linux:lib64vncserver-devel
mandrivalinuxlib64vncserver0p-cpe:/a:mandriva:linux:lib64vncserver0
mandrivalinuxlinuxvncp-cpe:/a:mandriva:linux:linuxvnc
mandrivalinuxx11vncp-cpe:/a:mandriva:linux:x11vnc
mandrivabusiness_server1cpe:/o:mandriva:business_server:1

Vendor	Product	Version	CPE
mandriva	linux	icecream	p-cpe:/a:mandriva:linux:icecream
mandriva	linux	icecream-devel	p-cpe:/a:mandriva:linux:icecream-devel
mandriva	linux	icecream-scheduler	p-cpe:/a:mandriva:linux:icecream-scheduler
mandriva	linux	lib64vncserver-devel	p-cpe:/a:mandriva:linux:lib64vncserver-devel
mandriva	linux	lib64vncserver0	p-cpe:/a:mandriva:linux:lib64vncserver0
mandriva	linux	linuxvnc	p-cpe:/a:mandriva:linux:linuxvnc
mandriva	linux	x11vnc	p-cpe:/a:mandriva:linux:x11vnc
mandriva	business_server	1	cpe:/o:mandriva:business_server:1