Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4573-1.NASL
HistoryOct 08, 2020 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Vino vulnerabilities (USN-4573-1)

2020-10-0800:00:00
Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4573-1 advisory.

  • The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. (CVE-2014-6053)

  • An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
    (CVE-2018-7225)

  • LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure.
    Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. (CVE-2019-15681)

  • An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. (CVE-2020-14397)

  • An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. (CVE-2020-14402)

  • An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. (CVE-2020-14403)

  • An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. (CVE-2020-14404)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4573-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(141301);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2014-6053",
    "CVE-2018-7225",
    "CVE-2019-15681",
    "CVE-2020-14397",
    "CVE-2020-14402",
    "CVE-2020-14403",
    "CVE-2020-14404"
  );
  script_bugtraq_id(70092, 103107);
  script_xref(name:"USN", value:"4573-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Vino vulnerabilities (USN-4573-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple
vulnerabilities as referenced in the USN-4573-1 advisory.

  - The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier
    does not properly handle attempts to send a large amount of ClientCutText data, which allows remote
    attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is
    processed by using a single unchecked malloc. (CVE-2014-6053)

  - An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c
    does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or
    possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
    (CVE-2018-7225)

  - LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC
    server code, which allow an attacker to read stack memory and can be abused for information disclosure.
    Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack
    appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit
    d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. (CVE-2019-15681)

  - An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer
    dereference. (CVE-2020-14397)

  - An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access
    via encodings. (CVE-2020-14402)

  - An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access
    via encodings. (CVE-2020-14403)

  - An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via
    encodings. (CVE-2020-14404)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4573-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected vino package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7225");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/10/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vino");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'vino', 'pkgver': '3.8.1-0ubuntu9.3'},
    {'osver': '18.04', 'pkgname': 'vino', 'pkgver': '3.22.0-3ubuntu1.1'},
    {'osver': '20.04', 'pkgname': 'vino', 'pkgver': '3.22.0-5ubuntu2.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vino');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linuxvinop-cpe:/a:canonical:ubuntu_linux:vino

Related

osv 14
openvas 50
ubuntu 3
mageia 6
nessus 51
debian 7
ubuntucve 7
virtuozzo 2
veracode 7
prion 7
alpinelinux 6
debiancve 7
cve 7
redhatcve 6
ics 1
suse 7
centos 2
fedora 3
oraclelinux 2
redhat 2
amazon 1
rosalinux 1
osv
osv
vino vulnerabilities
2020-10-07 12:45:39
vino - security update
2019-11-29 00:00:00
libvncserver - security update
2020-06-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4573-1)
2020-10-08 00:00:00
Mageia: Security Advisory (MGASA-2020-0288)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2014-1)
2019-11-30 00:00:00
ubuntu
ubuntu
Vino vulnerabilities
2020-10-07 00:00:00
LibVNCServer vulnerabilities
2020-07-23 00:00:00
LibVNCServer vulnerability
2018-04-04 00:00:00
mageia
mageia
Updated vino packages fix security vulnerability
2020-07-10 11:01:08
Updated vino packages fix security vulnerability
2020-06-11 00:39:20
Updated libvncserver packages fix security vulnerability
2020-07-05 22:48:23
nessus
nessus
Debian DLA-2014-1 : vino security update
2019-12-03 00:00:00
Debian DLA-2264-1 : libvncserver security update
2020-07-01 00:00:00
Debian DLA-2347-1 : libvncserver security update
2020-08-31 00:00:00
debian
debian
[SECURITY] [DLA 2014-1] vino security update
2019-11-29 08:30:55
[SECURITY] [DLA 2347-1] libvncserver security update
2020-08-28 21:36:49
[SECURITY] [DLA 2264-1] libvncserver security update
2020-06-30 09:29:43
ubuntucve
ubuntucve
CVE-2020-14403
2020-06-17 00:00:00
CVE-2020-14404
2020-06-17 00:00:00
CVE-2020-14397
2020-06-17 00:00:00
virtuozzo
virtuozzo
Product update: Virtuozzo Hybrid Server 7.0 Update 14 Hotfix 2 (7.0.14-258)
2020-08-19 00:00:00
Important product security update: Virtuozzo 6.0 Update 12 Hotfix 49 (6.0.12-3754)
2019-12-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-06-18 03:02:53
Denial Of Service (DoS)
2020-06-18 06:16:46
Information Disclosure
2019-10-31 01:17:46
prion
prion
Null pointer dereference
2020-06-17 16:15:00
Design/Logic Flaw
2020-06-17 16:15:00
Design/Logic Flaw
2014-12-15 18:59:00
alpinelinux
alpinelinux
CVE-2020-14402
2020-06-17 16:15:00
CVE-2020-14403
2020-06-17 16:15:00
CVE-2020-14397
2020-06-17 16:15:00
debiancve
debiancve
CVE-2020-14403
2020-06-17 16:15:00
CVE-2020-14397
2020-06-17 16:15:00
CVE-2020-14402
2020-06-17 16:15:00
cve
cve
CVE-2020-14402
2020-06-17 16:15:00
CVE-2020-14403
2020-06-17 16:15:00
CVE-2019-15681
2019-10-29 19:15:00
redhatcve
redhatcve
CVE-2020-14403
2020-07-24 10:37:48
CVE-2020-14402
2020-07-24 11:37:51
CVE-2020-14397
2020-07-24 11:07:44
ics
ics
Siemens SIMATIC ITC
2021-12-16 12:00:00
suse
suse
Security update for vino (moderate)
2020-07-26 00:00:00
Security update for LibVNCServer (important)
2020-07-21 00:00:00
Security update for LibVNCServer (important)
2020-05-11 00:00:00
centos
centos
libvncserver security update
2018-05-30 18:24:07
kdenetwork security update
2014-11-12 09:44:41
fedora
fedora
[SECURITY] Fedora 28 Update: libvncserver-0.9.11-6.fc28
2018-03-30 13:40:02
[SECURITY] Fedora 26 Update: libvncserver-0.9.11-3.fc26
2018-04-03 14:25:24
[SECURITY] Fedora 27 Update: libvncserver-0.9.11-5.fc27
2018-03-27 20:18:22
oraclelinux
oraclelinux
libvncserver security update
2018-04-17 00:00:00
kdenetwork security update
2014-11-11 00:00:00
redhat
redhat
(RHSA-2018:1055) Moderate: libvncserver security update
2018-04-10 08:05:00
(RHSA-2014:1827) Moderate: kdenetwork security update
2014-11-11 14:45:20
amazon
amazon
Medium: libvncserver
2018-05-10 17:21:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1900
2021-07-02 17:22:34
JSON
Related for UBUNTU_USN-4573-1.NASL
osv14openvas50ubuntu3mageia6nessus51debian7ubuntucve7virtuozzo2veracode7prion7alpinelinux6debiancve7cve7redhatcve6ics1suse7centos2fedora3oraclelinux2redhat2amazon1rosalinux1