Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4407-1.NASL
HistoryJul 06, 2020 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : LibVNCServer vulnerabilities (USN-4407-1)

2020-07-0600:00:00
Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680) It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS.
(CVE-2019-15681) It was discovered that LibVNCServer incorrectly handled cursor shape updates. If a user were tricked in to connecting to a malicious server, an attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15690, CVE-2019-20788) It was discovered that LibVNCServer incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2017-18922).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4407-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(138132);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2017-18922",
    "CVE-2019-15680",
    "CVE-2019-15681",
    "CVE-2019-15690",
    "CVE-2019-20788"
  );
  script_xref(name:"USN", value:"4407-1");
  script_xref(name:"IAVA", value:"2020-A-0381");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : LibVNCServer vulnerabilities (USN-4407-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"It was discovered that LibVNCServer incorrectly handled decompressing
data. An attacker could possibly use this issue to cause LibVNCServer
to crash, resulting in a denial of service. (CVE-2019-15680) It was
discovered that an information disclosure vulnerability existed in
LibVNCServer when sending a ServerCutText message. An attacker could
possibly use this issue to expose sensitive information. This issue
only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS.
(CVE-2019-15681) It was discovered that LibVNCServer incorrectly
handled cursor shape updates. If a user were tricked in to connecting
to a malicious server, an attacker could possibly use this issue to
cause LibVNCServer to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu
19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15690,
CVE-2019-20788) It was discovered that LibVNCServer incorrectly
handled decoding WebSocket frames. An attacker could possibly use this
issue to cause LibVNCServer to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2017-18922).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4407-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-20788");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvncclient1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvncserver-config");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvncserver-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvncserver1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'libvncclient1', 'pkgver': '0.9.10+dfsg-3ubuntu0.16.04.4'},
    {'osver': '16.04', 'pkgname': 'libvncserver-config', 'pkgver': '0.9.10+dfsg-3ubuntu0.16.04.4'},
    {'osver': '16.04', 'pkgname': 'libvncserver-dev', 'pkgver': '0.9.10+dfsg-3ubuntu0.16.04.4'},
    {'osver': '16.04', 'pkgname': 'libvncserver1', 'pkgver': '0.9.10+dfsg-3ubuntu0.16.04.4'},
    {'osver': '18.04', 'pkgname': 'libvncclient1', 'pkgver': '0.9.11+dfsg-1ubuntu1.2'},
    {'osver': '18.04', 'pkgname': 'libvncserver-config', 'pkgver': '0.9.11+dfsg-1ubuntu1.2'},
    {'osver': '18.04', 'pkgname': 'libvncserver-dev', 'pkgver': '0.9.11+dfsg-1ubuntu1.2'},
    {'osver': '18.04', 'pkgname': 'libvncserver1', 'pkgver': '0.9.11+dfsg-1ubuntu1.2'},
    {'osver': '20.04', 'pkgname': 'libvncclient1', 'pkgver': '0.9.12+dfsg-9ubuntu0.1'},
    {'osver': '20.04', 'pkgname': 'libvncserver-dev', 'pkgver': '0.9.12+dfsg-9ubuntu0.1'},
    {'osver': '20.04', 'pkgname': 'libvncserver1', 'pkgver': '0.9.12+dfsg-9ubuntu0.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libvncclient1 / libvncserver-config / libvncserver-dev / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxlibvncclient1p-cpe:/a:canonical:ubuntu_linux:libvncclient1
canonicalubuntu_linuxlibvncserver-configp-cpe:/a:canonical:ubuntu_linux:libvncserver-config
canonicalubuntu_linuxlibvncserver-devp-cpe:/a:canonical:ubuntu_linux:libvncserver-dev
canonicalubuntu_linuxlibvncserver1p-cpe:/a:canonical:ubuntu_linux:libvncserver1
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts

Related

ubuntu 4
openvas 48
nessus 65
suse 7
redhatcve 4
prion 4
osv 11
centos 2
cve 5
debiancve 5
redhat 7
alpinelinux 2
ubuntucve 5
cvelist 4
veracode 2
oraclelinux 5
amazon 1
debian 4
almalinux 1
mageia 5
virtuozzo 1
ics 2
fedora 2
freebsd 1
threatpost 1
rosalinux 1
ubuntu
ubuntu
LibVNCServer vulnerabilities
2020-07-01 00:00:00
Vino vulnerabilities
2020-10-07 00:00:00
iTALC vulnerabilities
2020-09-28 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4407-1)
2020-07-03 00:00:00
openSUSE: Security Advisory for LibVNCServer (openSUSE-SU-2020:0624-1)
2020-05-12 00:00:00
Huawei EulerOS: Security Advisory for libvncserver (EulerOS-SA-2020-1866)
2020-08-31 00:00:00
nessus
nessus
openSUSE Security Update : LibVNCServer (openSUSE-2020-624)
2020-05-11 00:00:00
SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2020:1165-1)
2020-05-07 00:00:00
SUSE SLES11 Security Update : LibVNCServer (SUSE-SU-2020:14355-1)
2021-06-10 00:00:00
suse
suse
Security update for LibVNCServer (important)
2020-05-11 00:00:00
Security update for LibVNCServer (important)
2020-07-14 00:00:00
Security update for LibVNCServer (important)
2020-07-17 00:00:00
redhatcve
redhatcve
CVE-2019-20788
2020-04-30 14:10:03
CVE-2017-18922
2020-06-30 11:50:39
CVE-2019-15690
2020-03-10 10:10:54
prion
prion
Integer overflow
2020-04-23 19:15:00
Null pointer dereference
2019-10-29 19:15:00
Heap overflow
2020-06-30 11:15:00
osv
osv
libvncserver - security update
2020-03-18 00:00:00
CVE-2019-20788
2020-04-23 19:15:00
CVE-2017-18922
2020-06-30 11:15:10
centos
centos
libvncserver security update
2020-03-25 19:16:12
libvncserver security update
2020-08-07 12:28:23
cve
cve
CVE-2019-20788
2020-04-23 19:15:00
CVE-2017-18922
2020-06-30 11:15:00
CVE-2019-15690
2022-02-25 11:31:58
debiancve
debiancve
CVE-2019-20788
2020-04-23 19:15:00
CVE-2017-18922
2020-06-30 11:15:00
CVE-2019-15680
2019-10-29 19:15:00
redhat
redhat
(RHSA-2020:0913) Important: libvncserver security update
2020-03-23 07:28:10
(RHSA-2020:0920) Important: libvncserver security update
2020-03-23 08:01:21
(RHSA-2020:0921) Important: libvncserver security update
2020-03-23 08:01:22
alpinelinux
alpinelinux
CVE-2019-20788
2020-04-23 19:15:00
CVE-2019-15681
2019-10-29 19:15:00
ubuntucve
ubuntucve
CVE-2019-20788
2020-04-23 00:00:00
CVE-2019-15680
2019-10-29 00:00:00
CVE-2019-15690
2019-12-31 00:00:00
cvelist
cvelist
CVE-2019-20788
2020-04-23 18:06:55
CVE-2019-15680
2019-10-29 16:45:52
CVE-2017-18922
2020-06-30 11:00:01
veracode
veracode
Arbitrary Code Execution
2020-05-15 02:24:57
Information Disclosure
2019-10-31 01:17:46
oraclelinux
oraclelinux
libvncserver security update
2020-03-23 00:00:00
libvncserver security update
2020-03-26 00:00:00
libvncserver security update
2020-08-04 00:00:00
amazon
amazon
Important: libvncserver
2020-04-20 20:47:00
debian
debian
[SECURITY] [DLA 2146-1] libvncserver security update
2020-03-17 19:43:51
[SECURITY] [DLA 1977-1] libvncserver security update
2019-10-30 13:08:16
[SECURITY] [DLA 2014-1] vino security update
2019-11-29 08:31:28
almalinux
almalinux
Important: libvncserver security update
2020-08-10 13:51:34
mageia
mageia
Updated libvncserver packages fix security vulnerability
2019-12-06 17:15:42
Updated libvncserver packages fix security vulnerability
2020-04-15 13:12:14
Updated libvncserver packages fix security vulnerability
2020-05-08 13:57:54
virtuozzo
virtuozzo
Important product security update: Virtuozzo 6.0 Update 12 Hotfix 49 (6.0.12-3754)
2019-12-06 00:00:00
ics
ics
Siemens SIMATIC ITC
2021-12-16 12:00:00
Siemens Products using TightVNC (Update A)
2021-05-11 12:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: libvncserver-0.9.13-2.fc31
2020-07-15 01:12:04
[SECURITY] Fedora 32 Update: libvncserver-0.9.13-2.fc32
2020-07-16 01:14:52
freebsd
freebsd
TightVNC -- Muliple Vulnerabilities
2019-02-12 00:00:00
threatpost
threatpost
Critical Flaws in VNC Threaten Industrial Environments
2019-11-22 19:50:14
rosalinux
rosalinux
Advisory ROSA-SA-2021-1900
2021-07-02 17:22:34
JSON
Related for UBUNTU_USN-4407-1.NASL
ubuntu4openvas48nessus65suse7redhatcve4prion4osv11centos2cve5debiancve5redhat7alpinelinux2ubuntucve5cvelist4veracode2oraclelinux5amazon1debian4almalinux1mageia5virtuozzo1ics2fedora2freebsd1threatpost1rosalinux1