Fedora Update for libvncserver FEDORA-2018-43541091ab
2018-04-04T00:00:00
ID OPENVAS:1361412562310874325 Type openvas Reporter Copyright (C) 2018 Greenbone Networks GmbH Modified 2018-04-09T00:00:00
Description
Check the version of libvncserver
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_fedora_2018_43541091ab_libvncserver_fc26.nasl 9396 2018-04-09 04:18:59Z ckuersteiner $
#
# Fedora Update for libvncserver FEDORA-2018-43541091ab
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.874325");
script_version("$Revision: 9396 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-09 06:18:59 +0200 (Mon, 09 Apr 2018) $");
script_tag(name:"creation_date", value:"2018-04-04 08:41:42 +0200 (Wed, 04 Apr 2018)");
script_cve_id("CVE-2018-7225");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_name("Fedora Update for libvncserver FEDORA-2018-43541091ab");
script_tag(name: "summary", value: "Check the version of libvncserver");
script_tag(name: "vuldetect", value: "Get the installed version with the help
of detect NVT and check if the version is vulnerable or not.");
script_tag(name: "insight", value: "LibVNCServer makes writing a VNC server
(or more correctly, a program exporting a frame-buffer via the Remote Frame
Buffer protocol) easy.
It hides the programmer from the tedious task of managing clients and
compression schemata.
");
script_tag(name: "affected", value: "libvncserver on Fedora 26");
script_tag(name: "solution", value: "Please Install the Updated Packages.");
script_xref(name: "FEDORA", value: "2018-43541091ab");
script_xref(name: "URL" , value: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVQ7GPVKJHTS6WQY5HPCCSPQ6PMAM345");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "FC26")
{
if ((res = isrpmvuln(pkg:"libvncserver", rpm:"libvncserver~0.9.11~3.fc26", rls:"FC26")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"pluginID": "1361412562310874325", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_43541091ab_libvncserver_fc26.nasl 9396 2018-04-09 04:18:59Z ckuersteiner $\n#\n# Fedora Update for libvncserver FEDORA-2018-43541091ab\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874325\");\n script_version(\"$Revision: 9396 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-09 06:18:59 +0200 (Mon, 09 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-04 08:41:42 +0200 (Wed, 04 Apr 2018)\");\n script_cve_id(\"CVE-2018-7225\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libvncserver FEDORA-2018-43541091ab\");\n script_tag(name: \"summary\", value: \"Check the version of libvncserver\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"LibVNCServer makes writing a VNC server \n(or more correctly, a program exporting a frame-buffer via the Remote Frame \nBuffer protocol) easy.\nIt hides the programmer from the tedious task of managing clients and\ncompression schemata.\n\");\n script_tag(name: \"affected\", value: \"libvncserver on Fedora 26\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2018-43541091ab\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVQ7GPVKJHTS6WQY5HPCCSPQ6PMAM345\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvncserver\", rpm:\"libvncserver~0.9.11~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "history": [], "description": "Check the version of libvncserver", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874325", "type": "openvas", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "46d948ebd3bd042831cf32779cf3abc2"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "4cde1fa539872970867ca037da4ddedf"}, {"key": "href", "hash": "35565408fddf7c1a3329e44e47927ca2"}, {"key": "modified", "hash": "0f00a0a13f0660fdc38b69aa3d2c2098"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "c64e62d1d9271763a79d0ade7f5e8508"}, {"key": "published", "hash": "813566690a1ba159d228c15d6ac6bbd0"}, {"key": "references", "hash": "bace366fd95b04299726f737790bf0bb"}, {"key": "reporter", "hash": "bd2811809d78a66b4d39bc1fb8b08ee6"}, {"key": "sourceData", "hash": "a6913fc68d70d2c1ca452caee219733e"}, {"key": "title", "hash": "d8fba0cdac659cea05461207290ce9e7"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "viewCount": 1, "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVQ7GPVKJHTS6WQY5HPCCSPQ6PMAM345", "2018-43541091ab"], "lastseen": "2018-04-09T11:09:35", "published": "2018-04-04T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "cvelist": ["CVE-2018-7225"], "id": "OPENVAS:1361412562310874325", "hash": "e88adb7506db968f332d97ce4f2944572ba0e786d34949ca5d8b844f6b3ee7c6", "modified": "2018-04-09T00:00:00", "title": "Fedora Update for libvncserver FEDORA-2018-43541091ab", "edition": 1, "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "bulletinFamily": "scanner", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}}
{"result": {"cve": [{"lastseen": "2018-06-10T11:05:56", "references": ["https://usn.ubuntu.com/3618-1/", "http://www.securityfocus.com/bid/103107", "http://www.openwall.com/lists/oss-security/2018/02/18/1", "https://github.com/LibVNC/libvncserver/issues/218", "https://access.redhat.com/errata/RHSA-2018:1055", "https://www.debian.org/security/2018/dsa-4221", "https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html"], "description": "An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.", "edition": 7, "reporter": "NVD", "published": "2018-02-19T10:29:00", "title": "CVE-2018-7225", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-7225"], "scanner": [], "modified": "2018-06-09T21:29:04", "cpe": ["cpe:/a:libvncserver_project:libvncserver:0.9.11"], "id": "CVE-2018-7225", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7225", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-06-01T01:37:59", "references": ["http://lists.centos.org/pipermail/centos-announce/2018-May/022877.html"], "pluginID": "110235", "description": "An update for libvncserver is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nLibVNCServer is a C library that enables you to implement VNC server functionality into own programs.\n\nSecurity Fix(es) :\n\n* libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "edition": 1, "reporter": "Tenable", "published": "2018-05-31T00:00:00", "title": "CentOS 7 : libvncserver (CESA-2018:1055)", "type": "nessus", "enchantments": {"score": {"modified": "2018-06-01T01:37:59", "vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-05-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libvncserver", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:libvncserver-devel"], "id": "CENTOS_RHSA-2018-1055.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=110235", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1055 and \n# CentOS Errata and Security Advisory 2018:1055 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110235);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/05/31 11:41:34\");\n\n script_cve_id(\"CVE-2018-7225\");\n script_xref(name:\"RHSA\", value:\"2018:1055\");\n\n script_name(english:\"CentOS 7 : libvncserver (CESA-2018:1055)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libvncserver is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nLibVNCServer is a C library that enables you to implement VNC server\nfunctionality into own programs.\n\nSecurity Fix(es) :\n\n* libvncserver: Improper input sanitization in\nrfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2018-May/022877.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvncserver packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvncserver-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvncserver-0.9.9-12.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvncserver-devel-0.9.9-12.el7_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-06T22:02:24", "references": ["http://www.nessus.org/u?3ecc44de"], "pluginID": "109451", "description": "Security Fix(es) :\n\n - libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)", "edition": 1, "reporter": "Tenable", "published": "2018-05-01T00:00:00", "title": "Scientific Linux Security Update : libvncserver on SL7.x x86_64", "type": "nessus", "enchantments": {"score": {"modified": "2018-05-06T22:02:24", "vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-05-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180410_LIBVNCSERVER_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=109451", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109451);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/05/01 12:44:36\");\n\n script_cve_id(\"CVE-2018-7225\");\n\n script_name(english:\"Scientific Linux Security Update : libvncserver on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - libvncserver: Improper input sanitization in\n rfbProcessClientNormalMessage in rfbserver.c\n (CVE-2018-7225)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1804&L=scientific-linux-errata&F=&S=&P=3718\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ecc44de\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libvncserver, libvncserver-debuginfo and / or\nlibvncserver-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvncserver-0.9.9-12.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvncserver-debuginfo-0.9.9-12.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvncserver-devel-0.9.9-12.el7_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-12T00:21:11", "references": ["https://www.redhat.com/security/data/cve/CVE-2018-7225.html", "http://rhn.redhat.com/errata/RHSA-2018-1055.html"], "pluginID": "108994", "edition": 1, "description": "An update for libvncserver is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nLibVNCServer is a C library that enables you to implement VNC server functionality into own programs.\n\nSecurity Fix(es) :\n\n* libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "reporter": "Tenable", "published": "2018-04-11T00:00:00", "title": "RHEL 7 : libvncserver (RHSA-2018:1055)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-04-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libvncserver-devel", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:libvncserver-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libvncserver"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=108994", "id": "REDHAT-RHSA-2018-1055.NASL", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1055. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108994);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/04/11 11:27:31\");\n\n script_cve_id(\"CVE-2018-7225\");\n script_xref(name:\"RHSA\", value:\"2018:1055\");\n\n script_name(english:\"RHEL 7 : libvncserver (RHSA-2018:1055)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libvncserver is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nLibVNCServer is a C library that enables you to implement VNC server\nfunctionality into own programs.\n\nSecurity Fix(es) :\n\n* libvncserver: Improper input sanitization in\nrfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2018-1055.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2018-7225.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libvncserver, libvncserver-debuginfo and / or\nlibvncserver-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvncserver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvncserver-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1055\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"libvncserver-0.9.9-12.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvncserver-0.9.9-12.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"libvncserver-debuginfo-0.9.9-12.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvncserver-debuginfo-0.9.9-12.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"libvncserver-devel-0.9.9-12.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvncserver-devel-0.9.9-12.el7_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver / libvncserver-debuginfo / libvncserver-devel\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-12T00:32:29", "references": ["https://alas.aws.amazon.com/AL2/ALAS-2018-1012.html"], "pluginID": "109691", "description": "Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c\n\nAn issue was discovered in LibVNCServer through 0.9.11.\nrfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.(CVE-2018-7225)", "edition": 1, "reporter": "Tenable", "published": "2018-05-11T00:00:00", "title": "Amazon Linux 2 : libvncserver (ALAS-2018-1012)", "type": "nessus", "enchantments": {"score": {"modified": "2018-05-12T00:32:29", "vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libvncserver", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:libvncserver-devel", "p-cpe:/a:amazon:linux:libvncserver-debuginfo"], "id": "AL2_ALAS-2018-1012.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=109691", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1012.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109691);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/05/11 12:23:24\");\n\n script_cve_id(\"CVE-2018-7225\");\n script_xref(name:\"ALAS\", value:\"2018-1012\");\n\n script_name(english:\"Amazon Linux 2 : libvncserver (ALAS-2018-1012)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Improper input sanitization in rfbProcessClientNormalMessage in\nrfbserver.c\n\nAn issue was discovered in LibVNCServer through 0.9.11.\nrfbProcessClientNormalMessage() in rfbserver.c does not sanitize\nmsg.cct.length, leading to access to uninitialized and potentially\nsensitive data or possibly unspecified other impact (e.g., an integer\noverflow) via specially crafted VNC packets.(CVE-2018-7225)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libvncserver' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libvncserver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libvncserver-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"libvncserver-0.9.9-12.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"libvncserver-debuginfo-0.9.9-12.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"libvncserver-devel-0.9.9-12.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver / libvncserver-debuginfo / libvncserver-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-21T13:32:52", "references": ["https://oss.oracle.com/pipermail/el-errata/2018-April/007627.html"], "pluginID": "109153", "edition": 1, "description": "From Red Hat Security Advisory 2018:1055 :\n\nAn update for libvncserver is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nLibVNCServer is a C library that enables you to implement VNC server functionality into own programs.\n\nSecurity Fix(es) :\n\n* libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "reporter": "Tenable", "published": "2018-04-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Oracle Linux 7 : libvncserver (ELSA-2018-1055)", "type": "nessus", "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-04-19T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libvncserver", "p-cpe:/a:oracle:linux:libvncserver-devel", "cpe:/o:oracle:linux:7"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=109153", "id": "ORACLELINUX_ELSA-2018-1055.NASL", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:1055 and \n# Oracle Linux Security Advisory ELSA-2018-1055 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109153);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/04/19 11:38:02\");\n\n script_cve_id(\"CVE-2018-7225\");\n script_xref(name:\"RHSA\", value:\"2018:1055\");\n\n script_name(english:\"Oracle Linux 7 : libvncserver (ELSA-2018-1055)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:1055 :\n\nAn update for libvncserver is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nLibVNCServer is a C library that enables you to implement VNC server\nfunctionality into own programs.\n\nSecurity Fix(es) :\n\n* libvncserver: Improper input sanitization in\nrfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-April/007627.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvncserver packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvncserver-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvncserver-0.9.9-12.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvncserver-devel-0.9.9-12.el7_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver / libvncserver-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:26:00", "references": [], "pluginID": "108841", "description": "It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "reporter": "Tenable", "published": "2018-04-05T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : libvncserver vulnerability (USN-3618-1)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:libvncserver1", "p-cpe:/a:canonical:ubuntu_linux:libvncclient1", "p-cpe:/a:canonical:ubuntu_linux:libvncserver0", "cpe:/o:canonical:ubuntu_linux:14.04"], "modified": "2018-04-05T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=108841", "id": "UBUNTU_USN-3618-1.NASL", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3618-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108841);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/04/05 18:55:07\");\n\n script_cve_id(\"CVE-2018-7225\");\n script_xref(name:\"USN\", value:\"3618-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : libvncserver vulnerability (USN-3618-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that LibVNCServer incorrectly handled certain packet\nlengths. A remote attacker able to connect to a LibVNCServer could\npossibly use this issue to obtain sensitive information, cause a\ndenial of service, or execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libvncclient1, libvncserver0 and / or\nlibvncserver1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvncclient1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvncserver1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libvncserver0\", pkgver:\"0.9.9+dfsg-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libvncserver1\", pkgver:\"0.9.10+dfsg-3ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libvncclient1\", pkgver:\"0.9.11+dfsg-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libvncserver1\", pkgver:\"0.9.11+dfsg-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncclient1 / libvncserver0 / libvncserver1\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-30T13:18:25", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2018-4897772a43"], "pluginID": "108669", "description": "This release fixes a possible sensitive data leak and a memory exhaustion when handling ClientTextCut messages of the RFB protocol.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "reporter": "Tenable", "published": "2018-03-28T00:00:00", "type": "nessus", "title": "Fedora 27 : libvncserver (2018-4897772a43)", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "cpe": ["p-cpe:/a:fedoraproject:fedora:libvncserver", "cpe:/o:fedoraproject:fedora:27"], "modified": "2018-03-28T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=108669", "id": "FEDORA_2018-4897772A43.NASL", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-4897772a43.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108669);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/03/28 15:31:51\");\n\n script_cve_id(\"CVE-2018-7225\");\n script_xref(name:\"FEDORA\", value:\"2018-4897772a43\");\n\n script_name(english:\"Fedora 27 : libvncserver (2018-4897772a43)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release fixes a possible sensitive data leak and a memory\nexhaustion when handling ClientTextCut messages of the RFB protocol.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4897772a43\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvncserver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"libvncserver-0.9.11-5.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-10T06:13:13", "references": ["https://packages.debian.org/source/wheezy/libvncserver", "https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html"], "pluginID": "108766", "description": "libvncserver version through 0.9.11. does not sanitize msg.cct.length which may result in access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 0.9.9+dfsg-1+deb7u3.\n\nWe recommend that you upgrade your libvncserver packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "reporter": "Tenable", "published": "2018-04-02T00:00:00", "title": "Debian DLA-1332-1 : libvncserver security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-07-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libvncserver-dev", "p-cpe:/a:debian:debian_linux:libvncserver-config", "p-cpe:/a:debian:debian_linux:libvncserver0", "p-cpe:/a:debian:debian_linux:linuxvnc", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libvncserver0-dbg"], "id": "DEBIAN_DLA-1332.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=108766", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1332-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108766);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/09 12:26:58\");\n\n script_cve_id(\"CVE-2018-7225\");\n\n script_name(english:\"Debian DLA-1332-1 : libvncserver security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvncserver version through 0.9.11. does not sanitize msg.cct.length\nwhich may result in access to uninitialized and potentially sensitive\ndata or possibly unspecified other impact (e.g., an integer overflow)\nvia specially crafted VNC packets.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.9.9+dfsg-1+deb7u3.\n\nWe recommend that you upgrade your libvncserver packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libvncserver\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvncserver-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvncserver-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvncserver0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linuxvnc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libvncserver-config\", reference:\"0.9.9+dfsg-1+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvncserver-dev\", reference:\"0.9.9+dfsg-1+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvncserver0\", reference:\"0.9.9+dfsg-1+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvncserver0-dbg\", reference:\"0.9.9+dfsg-1+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linuxvnc\", reference:\"0.9.9+dfsg-1+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:16:34", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2018-43541091ab"], "pluginID": "108818", "description": "This release fixes a possible sensitive data leak and a memory exhaustion when handling ClientTextCut messages of the RFB protocol.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "reporter": "Tenable", "published": "2018-04-04T00:00:00", "title": "Fedora 26 : libvncserver (2018-43541091ab)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-04-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libvncserver", "cpe:/o:fedoraproject:fedora:26"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=108818", "id": "FEDORA_2018-43541091AB.NASL", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-43541091ab.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108818);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/04/04 18:33:42\");\n\n script_cve_id(\"CVE-2018-7225\");\n script_xref(name:\"FEDORA\", value:\"2018-43541091ab\");\n\n script_name(english:\"Fedora 26 : libvncserver (2018-43541091ab)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release fixes a possible sensitive data leak and a memory\nexhaustion when handling ClientTextCut messages of the RFB protocol.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-43541091ab\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvncserver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"libvncserver-0.9.11-3.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-12T01:06:21", "references": ["http://www.debian.org/security/2018/dsa-4221", "https://packages.debian.org/source/jessie/libvncserver", "https://security-tracker.debian.org/tracker/libvncserver", "https://packages.debian.org/source/stretch/libvncserver"], "pluginID": "110420", "description": "Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.", "edition": 1, "reporter": "Tenable", "published": "2018-06-11T00:00:00", "title": "Debian DSA-4221-1 : libvncserver - security update", "type": "nessus", "enchantments": {"score": {"modified": "2018-06-12T01:06:21", "vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-06-11T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libvncserver", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4221.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=110420", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4221. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110420);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/06/11 12:25:56\");\n\n script_cve_id(\"CVE-2018-7225\");\n script_xref(name:\"DSA\", value:\"4221\");\n\n script_name(english:\"Debian DSA-4221-1 : libvncserver - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alexander Peslyak discovered that insufficient input sanitising of RFB\npackets in LibVNCServer could result in the disclosure of memory\ncontents.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/libvncserver\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libvncserver\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libvncserver\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2018/dsa-4221\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libvncserver packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 0.9.9+dfsg2-6.1+deb8u3.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 0.9.11+dfsg-1+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libvncclient0\", reference:\"0.9.9+dfsg2-6.1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvncclient0-dbg\", reference:\"0.9.9+dfsg2-6.1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvncserver-config\", reference:\"0.9.9+dfsg2-6.1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvncserver-dev\", reference:\"0.9.9+dfsg2-6.1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvncserver0\", reference:\"0.9.9+dfsg2-6.1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvncserver0-dbg\", reference:\"0.9.9+dfsg2-6.1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linuxvnc\", reference:\"0.9.9+dfsg2-6.1+deb8u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvncclient1\", reference:\"0.9.11+dfsg-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvncclient1-dbg\", reference:\"0.9.11+dfsg-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvncserver-config\", reference:\"0.9.11+dfsg-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvncserver-dev\", reference:\"0.9.11+dfsg-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvncserver1\", reference:\"0.9.11+dfsg-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvncserver1-dbg\", reference:\"0.9.11+dfsg-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-04-30T13:46:12", "references": ["3618-1", "http://www.ubuntu.com/usn/usn-3618-1/"], "pluginID": "1361412562310843499", "description": "Check the version of libvncserver", "edition": 2, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-04-06T00:00:00", "title": "Ubuntu Update for libvncserver USN-3618-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-04-27T00:00:00", "id": "OPENVAS:1361412562310843499", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843499", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3618_1.nasl 9655 2018-04-27 09:23:07Z cfischer $\n#\n# Ubuntu Update for libvncserver USN-3618-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843499\");\n script_version(\"$Revision: 9655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-27 11:23:07 +0200 (Fri, 27 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-06 09:58:07 +0200 (Fri, 06 Apr 2018)\");\n script_cve_id(\"CVE-2018-7225\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libvncserver USN-3618-1\");\n script_tag(name: \"summary\", value: \"Check the version of libvncserver\");\n script_tag(name: \"vuldetect\", value: \"Checks if a vulnerable version is present on the target host.\");\n script_tag(name: \"insight\", value: \"It was discovered that LibVNCServer\n incorrectly handled certain packet lengths. A remote attacker able to connect to\n a LibVNCServer could possibly use this issue to obtain sensitive information,\n cause a denial of service, or execute arbitrary code.\");\n script_tag(name: \"affected\", value: \"libvncserver on Ubuntu 17.10 ,\n Ubuntu 16.04 LTS ,\n Ubuntu 14.04 LTS\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"USN\", value: \"3618-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-3618-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvncserver0:amd64\", ver:\"0.9.9+dfsg-1ubuntu1.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvncserver0:i386\", ver:\"0.9.9+dfsg-1ubuntu1.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvncclient1:amd64\", ver:\"0.9.11+dfsg-1ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvncclient1:i386\", ver:\"0.9.11+dfsg-1ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvncserver1:amd64\", ver:\"0.9.11+dfsg-1ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvncserver1:i386\", ver:\"0.9.11+dfsg-1ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvncserver1:amd64\", ver:\"0.9.10+dfsg-3ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvncserver1:i386\", ver:\"0.9.10+dfsg-3ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-06T10:45:38", "references": ["2018:1055", "http://lists.centos.org/pipermail/centos-announce/2018-May/022877.html"], "pluginID": "1361412562310882897", "description": "Check the version of libvncserver", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-06-05T00:00:00", "title": "CentOS Update for libvncserver CESA-2018:1055 centos7 ", "type": "openvas", "enchantments": {"score": {"modified": "2018-06-06T10:45:38", "vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-06-06T00:00:00", "id": "OPENVAS:1361412562310882897", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882897", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_1055_libvncserver_centos7.nasl 10086 2018-06-06 04:57:58Z ckuersteiner $\n#\n# CentOS Update for libvncserver CESA-2018:1055 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882897\");\n script_version(\"$Revision: 10086 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-06 06:57:58 +0200 (Wed, 06 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-05 14:03:16 +0530 (Tue, 05 Jun 2018)\");\n script_cve_id(\"CVE-2018-7225\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libvncserver CESA-2018:1055 centos7 \");\n script_tag(name:\"summary\", value:\"Check the version of libvncserver\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"LibVNCServer is a C library that enables you to implement VNC server\nfunctionality into own programs.\n\nSecurity Fix(es):\n\n* libvncserver: Improper input sanitization in\nrfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.\n\");\n script_tag(name:\"affected\", value:\"libvncserver on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:1055\");\n script_xref(name:\"URL\" , value:\"http://lists.centos.org/pipermail/centos-announce/2018-May/022877.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvncserver\", rpm:\"libvncserver~0.9.9~12.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvncserver-devel\", rpm:\"libvncserver-devel~0.9.9~12.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-13T12:13:33", "references": ["https://www.debian.org/security/2018/dsa-4221.html"], "pluginID": "1361412562310704221", "description": "Alexander Peslyak discovered that insufficient input sanitising of RFB\npackets in LibVNCServer could result in the disclosure of memory\ncontents.", "edition": 2, "reporter": "Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net", "published": "2018-06-08T00:00:00", "title": "Debian Security Advisory DSA 4221-1 (libvncserver - security update)", "type": "openvas", "enchantments": {"score": {"modified": "2018-06-13T12:13:33", "vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-06-13T00:00:00", "id": "OPENVAS:1361412562310704221", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704221", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4221.nasl 10171 2018-06-13 06:19:25Z cfischer $\n#\n# Auto-generated from advisory DSA 4221-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704221\");\n script_version(\"$Revision: 10171 $\");\n script_cve_id(\"CVE-2018-7225\");\n script_name(\"Debian Security Advisory DSA 4221-1 (libvncserver - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-13 08:19:25 +0200 (Wed, 13 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 00:00:00 +0200 (Fri, 08 Jun 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4221.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB[89]\\.[0-9]+\");\n script_tag(name:\"affected\", value:\"libvncserver on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 0.9.9+dfsg2-6.1+deb8u3.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 0.9.11+dfsg-1+deb9u1.\n\nWe recommend that you upgrade your libvncserver packages.\n\nFor the detailed security status of libvncserver please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libvncserver\");\n script_tag(name:\"summary\", value:\"Alexander Peslyak discovered that insufficient input sanitising of RFB\npackets in LibVNCServer could result in the disclosure of memory\ncontents.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libvncclient0\", ver:\"0.9.9+dfsg2-6.1+deb8u3\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncclient0-dbg\", ver:\"0.9.9+dfsg2-6.1+deb8u3\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver-config\", ver:\"0.9.9+dfsg2-6.1+deb8u3\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver-dev\", ver:\"0.9.9+dfsg2-6.1+deb8u3\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver0\", ver:\"0.9.9+dfsg2-6.1+deb8u3\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver0-dbg\", ver:\"0.9.9+dfsg2-6.1+deb8u3\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linuxvnc\", ver:\"0.9.9+dfsg2-6.1+deb8u3\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncclient1\", ver:\"0.9.11+dfsg-1+deb9u1\", rls_regex:\"DEB9\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncclient1-dbg\", ver:\"0.9.11+dfsg-1+deb9u1\", rls_regex:\"DEB9\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver-config\", ver:\"0.9.11+dfsg-1+deb9u1\", rls_regex:\"DEB9\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver-dev\", ver:\"0.9.11+dfsg-1+deb9u1\", rls_regex:\"DEB9\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver1\", ver:\"0.9.11+dfsg-1+deb9u1\", rls_regex:\"DEB9\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver1-dbg\", ver:\"0.9.11+dfsg-1+deb9u1\", rls_regex:\"DEB9\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-10T17:26:05", "references": ["https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html"], "pluginID": "1361412562310891332", "description": "libvncserver version through 0.9.11. does not sanitize msg.cct.length\nwhich may result in access to uninitialized and potentially sensitive\ndata or possibly unspecified other impact (e.g., an integer overflow)\nvia specially crafted VNC packets.", "edition": 4, "reporter": "Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net", "published": "2018-04-02T00:00:00", "title": "Debian LTS Advisory ([SECURITY] [DLA 1332-1] libvncserver security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-07-10T00:00:00", "id": "OPENVAS:1361412562310891332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1332.nasl 10474 2018-07-10 08:12:26Z cfischer $\n#\n# Auto-generated from advisory DLA 1332-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891332\");\n script_version(\"$Revision: 10474 $\");\n script_cve_id(\"CVE-2018-7225\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1332-1] libvncserver security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-10 10:12:26 +0200 (Tue, 10 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 00:00:00 +0200 (Mon, 02 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\\.[0-9]+\");\n script_tag(name:\"affected\", value:\"libvncserver on Debian Linux\");\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n0.9.9+dfsg-1+deb7u3.\n\nWe recommend that you upgrade your libvncserver packages.\");\n script_tag(name:\"summary\", value:\"libvncserver version through 0.9.11. does not sanitize msg.cct.length\nwhich may result in access to uninitialized and potentially sensitive\ndata or possibly unspecified other impact (e.g., an integer overflow)\nvia specially crafted VNC packets.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libvncserver-config\", ver:\"0.9.9+dfsg-1+deb7u3\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver-dev\", ver:\"0.9.9+dfsg-1+deb7u3\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver0\", ver:\"0.9.9+dfsg-1+deb7u3\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver0-dbg\", ver:\"0.9.9+dfsg-1+deb7u3\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linuxvnc\", ver:\"0.9.9+dfsg-1+deb7u3\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-03T15:11:57", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YYNK6ZTW4QSUNWBL3YCZXRC3QMHW7FZK", "2018-4897772a43"], "pluginID": "1361412562310874285", "description": "Check the version of libvncserver", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-03-28T00:00:00", "type": "openvas", "title": "Fedora Update for libvncserver FEDORA-2018-4897772a43", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7225"], "modified": "2018-03-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874285", "id": "OPENVAS:1361412562310874285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_4897772a43_libvncserver_fc27.nasl 9271 2018-03-31 07:25:25Z cfischer $\n#\n# Fedora Update for libvncserver FEDORA-2018-4897772a43\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874285\");\n script_version(\"$Revision: 9271 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-03-31 09:25:25 +0200 (Sat, 31 Mar 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-28 08:58:22 +0200 (Wed, 28 Mar 2018)\");\n script_cve_id(\"CVE-2018-7225\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libvncserver FEDORA-2018-4897772a43\");\n script_tag(name: \"summary\", value: \"Check the version of libvncserver\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"LibVNCServer makes writing a VNC server \n(or more correctly, a program exporting a frame-buffer via the Remote Frame \nBuffer protocol) easy.\n\nIt hides the programmer from the tedious task of managing clients and\ncompression schemata.\n\");\n script_tag(name: \"affected\", value: \"libvncserver on Fedora 27\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2018-4897772a43\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YYNK6ZTW4QSUNWBL3YCZXRC3QMHW7FZK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvncserver\", rpm:\"libvncserver~0.9.11~5.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-04T13:00:42", "references": ["http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00073.html", "2018:0851_1"], "pluginID": "1361412562310851728", "description": "Check the version of LibVNCServer", "edition": 2, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-03-30T00:00:00", "type": "openvas", "title": "SuSE Update for LibVNCServer openSUSE-SU-2018:0851-1 (LibVNCServer)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9941", "CVE-2018-7225", "CVE-2016-9942"], "modified": "2018-04-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851728", "id": "OPENVAS:1361412562310851728", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2018_0851_1.nasl 9288 2018-04-04 06:15:11Z asteins $\n#\n# SuSE Update for LibVNCServer openSUSE-SU-2018:0851-1 (LibVNCServer)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851728\");\n script_version(\"$Revision: 9288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-04 08:15:11 +0200 (Wed, 04 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-30 08:40:53 +0200 (Fri, 30 Mar 2018)\");\n script_cve_id(\"CVE-2016-9941\", \"CVE-2016-9942\", \"CVE-2018-7225\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for LibVNCServer openSUSE-SU-2018:0851-1 (LibVNCServer)\");\n script_tag(name: \"summary\", value: \"Check the version of LibVNCServer\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n LibVNCServer was updated to fix two security issues.\n\n These security issues were fixed:\n\n - CVE-2018-7225: Missing input sanitization inside rfbserver.c\n rfbProcessClientNormalMessage() (bsc#1081493).\n - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote\n servers to cause a denial of service (application crash) or possibly\n execute arbitrary code via a crafted FramebufferUpdate message with the\n Ultra type tile, such that the LZO payload decompressed length exceeds\n what is specified by the tile dimensions (bsc#1017712).\n - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote\n servers to cause a denial of service (application crash) or possibly\n execute arbitrary code via a crafted FramebufferUpdate message\n containing a subrectangle outside of the client drawing area\n (bsc#1017711).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended \n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-326=1\");\n script_tag(name: \"affected\", value: \"LibVNCServer on openSUSE Leap 42.3\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2018:0851_1\");\n script_xref(name: \"URL\" , value: \"http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00073.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"LibVNCServer-debugsource\", rpm:\"LibVNCServer-debugsource~0.9.9~16.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"LibVNCServer-devel\", rpm:\"LibVNCServer-devel~0.9.9~16.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvncclient0\", rpm:\"libvncclient0~0.9.9~16.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvncclient0-debuginfo\", rpm:\"libvncclient0-debuginfo~0.9.9~16.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvncserver0\", rpm:\"libvncserver0~0.9.9~16.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvncserver0-debuginfo\", rpm:\"libvncserver0-debuginfo~0.9.9~16.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"linuxvnc\", rpm:\"linuxvnc~0.9.9~16.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"linuxvnc-debuginfo\", rpm:\"linuxvnc-debuginfo~0.9.9~16.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-04-13T16:19:28", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "i686", "packageFilename": "libvncserver-0.9.9-12.el7_5.i686.rpm", "packageName": "libvncserver", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "ppc64le", "packageFilename": "libvncserver-0.9.9-12.el7_5.ppc64le.rpm", "packageName": "libvncserver", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "src", "packageFilename": "libvncserver-0.9.9-12.el7_5.src.rpm", "packageName": "libvncserver", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "x86_64", "packageFilename": "libvncserver-0.9.9-12.el7_5.x86_64.rpm", "packageName": "libvncserver", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "i686", "packageFilename": "libvncserver-debuginfo-0.9.9-12.el7_5.i686.rpm", "packageName": "libvncserver-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "ppc64le", "packageFilename": "libvncserver-debuginfo-0.9.9-12.el7_5.ppc64le.rpm", "packageName": "libvncserver-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "x86_64", "packageFilename": "libvncserver-debuginfo-0.9.9-12.el7_5.x86_64.rpm", "packageName": "libvncserver-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "i686", "packageFilename": "libvncserver-devel-0.9.9-12.el7_5.i686.rpm", "packageName": "libvncserver-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "ppc64le", "packageFilename": "libvncserver-devel-0.9.9-12.el7_5.ppc64le.rpm", "packageName": "libvncserver-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "x86_64", "packageFilename": "libvncserver-devel-0.9.9-12.el7_5.x86_64.rpm", "packageName": "libvncserver-devel", "operator": "lt"}], "description": "LibVNCServer is a C library that enables you to implement VNC server functionality into own programs.\n\nSecurity Fix(es):\n\n* libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "reporter": "RedHat", "published": "2018-04-10T12:05:00", "type": "redhat", "title": "(RHSA-2018:1055) Moderate: libvncserver security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-7225"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-10T12:16:44", "id": "RHSA-2018:1055", "href": "https://access.redhat.com/errata/RHSA-2018:1055", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-04-09T21:09:06", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7225"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "17.10", "packageVersion": "0.9.11+dfsg-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libvncclient1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "0.9.10+dfsg-3ubuntu0.16.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libvncserver1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.10", "packageVersion": "0.9.11+dfsg-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libvncserver1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "0.9.9+dfsg-1ubuntu1.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libvncserver0", "operator": "lt"}], "description": "It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.", "edition": 1, "reporter": "Ubuntu", "published": "2018-04-04T00:00:00", "type": "ubuntu", "title": "LibVNCServer vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-7225"], "modified": "2018-04-04T00:00:00", "href": "https://usn.ubuntu.com/3618-1/", "id": "USN-3618-1", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-04-18T01:30:23", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "src", "packageFilename": "libvncserver-0.9.9-12.el7_5.src.rpm", "packageName": "libvncserver", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "i686", "packageFilename": "libvncserver-devel-0.9.9-12.el7_5.i686.rpm", "packageName": "libvncserver-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "x86_64", "packageFilename": "libvncserver-0.9.9-12.el7_5.x86_64.rpm", "packageName": "libvncserver", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "i686", "packageFilename": "libvncserver-0.9.9-12.el7_5.i686.rpm", "packageName": "libvncserver", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "x86_64", "packageFilename": "libvncserver-devel-0.9.9-12.el7_5.x86_64.rpm", "packageName": "libvncserver-devel", "operator": "lt"}], "description": "[0.9.9-12]\n- Fix CVE-2018-7225 (improper client cut text length sanitization) (bug #1548440)", "edition": 1, "reporter": "Oracle", "published": "2018-04-17T00:00:00", "type": "oraclelinux", "title": "libvncserver security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-7225"], "modified": "2018-04-17T00:00:00", "href": "http://linux.oracle.com/errata/ELSA-2018-1055.html", "id": "ELSA-2018-1055", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-06-09T03:59:15", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.9.9+dfsg2-6.1+deb8u3", "arch": "all", "packageFilename": "libvncserver-dev_0.9.9+dfsg2-6.1+deb8u3_all.deb", "packageName": "libvncserver-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.9.9+dfsg2-6.1+deb8u3", "arch": "all", "packageFilename": "libvncserver0_0.9.9+dfsg2-6.1+deb8u3_all.deb", "packageName": "libvncserver0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.9.9+dfsg2-6.1+deb8u3", "arch": "all", "packageFilename": "libvncserver-config_0.9.9+dfsg2-6.1+deb8u3_all.deb", "packageName": "libvncserver-config", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "0.9.11+dfsg-1+deb9u1", "arch": "all", "packageFilename": "libvncclient1-dbg_0.9.11+dfsg-1+deb9u1_all.deb", "packageName": "libvncclient1-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.9.9+dfsg2-6.1+deb8u3", "arch": "all", "packageFilename": "libvncclient0-dbg_0.9.9+dfsg2-6.1+deb8u3_all.deb", "packageName": "libvncclient0-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.9.9+dfsg2-6.1+deb8u3", "arch": "all", "packageFilename": "linuxvnc_0.9.9+dfsg2-6.1+deb8u3_all.deb", "packageName": "linuxvnc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.9.9+dfsg2-6.1+deb8u3", "arch": "all", "packageFilename": "libvncserver0-dbg_0.9.9+dfsg2-6.1+deb8u3_all.deb", "packageName": "libvncserver0-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.9.9+dfsg2-6.1+deb8u3", "arch": "all", "packageFilename": "libvncclient0_0.9.9+dfsg2-6.1+deb8u3_all.deb", "packageName": "libvncclient0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.9.9+dfsg2-6.1+deb8u3", "arch": "all", "packageFilename": "libvncserver_0.9.9+dfsg2-6.1+deb8u3_all.deb", "packageName": "libvncserver", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "0.9.11+dfsg-1+deb9u1", "arch": "all", "packageFilename": "libvncserver-dev_0.9.11+dfsg-1+deb9u1_all.deb", "packageName": "libvncserver-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "0.9.11+dfsg-1+deb9u1", "arch": "all", "packageFilename": "libvncserver1_0.9.11+dfsg-1+deb9u1_all.deb", "packageName": "libvncserver1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "0.9.11+dfsg-1+deb9u1", "arch": "all", "packageFilename": "libvncserver-config_0.9.11+dfsg-1+deb9u1_all.deb", "packageName": "libvncserver-config", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "0.9.11+dfsg-1+deb9u1", "arch": "all", "packageFilename": "libvncserver1-dbg_0.9.11+dfsg-1+deb9u1_all.deb", "packageName": "libvncserver1-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "0.9.11+dfsg-1+deb9u1", "arch": "all", "packageFilename": "libvncclient1_0.9.11+dfsg-1+deb9u1_all.deb", "packageName": "libvncclient1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "0.9.11+dfsg-1+deb9u1", "arch": "all", "packageFilename": "libvncserver_0.9.11+dfsg-1+deb9u1_all.deb", "packageName": "libvncserver", "operator": "lt"}], "description": "Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.\n\nFor the oldstable distribution (jessie), this problem has been fixed in version 0.9.9+dfsg2-6.1+deb8u3.\n\nFor the stable distribution (stretch), this problem has been fixed in version 0.9.11+dfsg-1+deb9u1.\n\nWe recommend that you upgrade your libvncserver packages.\n\nFor the detailed security status of libvncserver please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/libvncserver>", "edition": 1, "reporter": "Debian", "published": "2018-06-08T00:00:00", "title": "libvncserver -- security update", "type": "debian", "enchantments": {"score": {"modified": "2018-06-09T03:59:15", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-7225"], "modified": "2018-06-08T00:00:00", "id": "DSA-4221", "href": "http://www.debian.org/security/dsa-4221", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-05-30T22:38:52", "references": ["https://access.redhat.com/errata/RHSA-2018:1055"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "x86_64", "packageFilename": "libvncserver-devel-0.9.9-12.el7_5.x86_64.rpm", "packageName": "libvncserver-devel", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "any", "packageFilename": "libvncserver-0.9.9-12.el7_5.src.rpm", "packageName": "libvncserver", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "x86_64", "packageFilename": "libvncserver-0.9.9-12.el7_5.x86_64.rpm", "packageName": "libvncserver", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "i686", "packageFilename": "libvncserver-0.9.9-12.el7_5.i686.rpm", "packageName": "libvncserver", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.9.9-12.el7_5", "arch": "i686", "packageFilename": "libvncserver-devel-0.9.9-12.el7_5.i686.rpm", "packageName": "libvncserver-devel", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2018:1055\n\n\nLibVNCServer is a C library that enables you to implement VNC server functionality into own programs.\n\nSecurity Fix(es):\n\n* libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-May/022877.html\n\n**Affected packages:**\nlibvncserver\nlibvncserver-devel\n\n**Upstream details at:**\n", "edition": 1, "reporter": "CentOS Project", "published": "2018-05-30T18:24:07", "title": "libvncserver security update", "type": "centos", "enchantments": {"score": {"modified": "2018-05-30T22:38:52", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-7225"], "modified": "2018-05-30T18:24:07", "id": "CESA-2018:1055", "href": "http://lists.centos.org/pipermail/centos-announce/2018-May/022877.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2018-03-30T02:47:26", "references": ["https://bugzilla.suse.com/1017711", "https://bugzilla.suse.com/1017712", "https://bugzilla.suse.com/1081493"], "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "x86_64", "packageName": "linuxvnc-debuginfo", "packageFilename": "linuxvnc-debuginfo-0.9.9-16.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "x86_64", "packageName": "linuxvnc", "packageFilename": "linuxvnc-0.9.9-16.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "x86_64", "packageName": "libvncserver0", "packageFilename": "libvncserver0-0.9.9-16.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "i586", "packageName": "linuxvnc", "packageFilename": "linuxvnc-0.9.9-16.3.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "i586", "packageName": "libvncclient0-debuginfo", "packageFilename": "libvncclient0-debuginfo-0.9.9-16.3.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "x86_64", "packageName": "libvncserver0-debuginfo", "packageFilename": "libvncserver0-debuginfo-0.9.9-16.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "x86_64", "packageName": "libvncclient0", "packageFilename": "libvncclient0-0.9.9-16.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "i586", "packageName": "libvncserver0-debuginfo", "packageFilename": "libvncserver0-debuginfo-0.9.9-16.3.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "x86_64", "packageName": "LibVNCServer-devel", "packageFilename": "LibVNCServer-devel-0.9.9-16.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "i586", "packageName": "libvncserver0", "packageFilename": "libvncserver0-0.9.9-16.3.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "i586", "packageName": "LibVNCServer-devel", "packageFilename": "LibVNCServer-devel-0.9.9-16.3.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "x86_64", "packageName": "libvncclient0-debuginfo", "packageFilename": "libvncclient0-debuginfo-0.9.9-16.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "x86_64", "packageName": "LibVNCServer-debugsource", "packageFilename": "LibVNCServer-debugsource-0.9.9-16.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "i586", "packageName": "LibVNCServer-debugsource", "packageFilename": "LibVNCServer-debugsource-0.9.9-16.3.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "i586", "packageName": "libvncclient0", "packageFilename": "libvncclient0-0.9.9-16.3.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "0.9.9-16.3.1", "arch": "i586", "packageName": "linuxvnc-debuginfo", "packageFilename": "linuxvnc-debuginfo-0.9.9-16.3.1.i586.rpm", "operator": "lt"}], "description": "LibVNCServer was updated to fix two security issues.\n\n These security issues were fixed:\n\n - CVE-2018-7225: Missing input sanitization inside rfbserver.c\n rfbProcessClientNormalMessage() (bsc#1081493).\n - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote\n servers to cause a denial of service (application crash) or possibly\n execute arbitrary code via a crafted FramebufferUpdate message with the\n Ultra type tile, such that the LZO payload decompressed length exceeds\n what is specified by the tile dimensions (bsc#1017712).\n - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote\n servers to cause a denial of service (application crash) or possibly\n execute arbitrary code via a crafted FramebufferUpdate message\n containing a subrectangle outside of the client drawing area\n (bsc#1017711).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "reporter": "Suse", "published": "2018-03-30T00:07:11", "title": "Security update for LibVNCServer (important)", "type": "suse", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9941", "CVE-2018-7225", "CVE-2016-9942"], "modified": "2018-03-30T00:07:11", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00073.html", "id": "OPENSUSE-SU-2018:0851-1", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-27T22:43:45", "references": ["https://bugzilla.suse.com/1017711", "https://bugzilla.suse.com/1017712", "https://bugzilla.suse.com/1081493"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.ppc64le.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "LibVNCServer-devel-0.9.9-17.5.1.s390x.rpm", "packageName": "LibVNCServer-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.ppc64le.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "libvncserver0-0.9.9-17.5.1.ppc64le.rpm", "packageName": "libvncserver0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.x86_64.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.x86_64.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "libvncserver0-debuginfo-0.9.9-17.5.1.x86_64.rpm", "packageName": "libvncserver0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.ppc64le.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "LibVNCServer-devel-0.9.9-17.5.1.x86_64.rpm", "packageName": "LibVNCServer-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "libvncserver0-0.9.9-17.5.1.x86_64.rpm", "packageName": "libvncserver0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncclient0-debuginfo-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncclient0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.aarch64.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "libvncserver0-0.9.9-17.5.1.ppc64le.rpm", "packageName": "libvncserver0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "libvncclient0-debuginfo-0.9.9-17.5.1.ppc64le.rpm", "packageName": "libvncclient0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "libvncserver0-0.9.9-17.5.1.s390x.rpm", "packageName": "libvncserver0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "libvncserver0-0.9.9-17.5.1.s390x.rpm", "packageName": "libvncserver0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "libvncclient0-debuginfo-0.9.9-17.5.1.s390x.rpm", "packageName": "libvncclient0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.s390x.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "LibVNCServer-devel-0.9.9-17.5.1.aarch64.rpm", "packageName": "LibVNCServer-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "libvncclient0-0.9.9-17.5.1.ppc64le.rpm", "packageName": "libvncclient0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncclient0-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncclient0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "libvncserver0-debuginfo-0.9.9-17.5.1.s390x.rpm", "packageName": "libvncserver0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.aarch64.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncserver0-debuginfo-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncserver0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "libvncserver0-debuginfo-0.9.9-17.5.1.x86_64.rpm", "packageName": "libvncserver0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.s390x.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.ppc64le.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncclient0-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncclient0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "libvncclient0-0.9.9-17.5.1.s390x.rpm", "packageName": "libvncclient0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "libvncclient0-debuginfo-0.9.9-17.5.1.ppc64le.rpm", "packageName": "libvncclient0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "libvncclient0-debuginfo-0.9.9-17.5.1.s390x.rpm", "packageName": "libvncclient0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncclient0-debuginfo-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncclient0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "libvncclient0-debuginfo-0.9.9-17.5.1.x86_64.rpm", "packageName": "libvncclient0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.s390x.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "libvncclient0-0.9.9-17.5.1.x86_64.rpm", "packageName": "libvncclient0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.aarch64.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.x86_64.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.aarch64.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "libvncclient0-0.9.9-17.5.1.x86_64.rpm", "packageName": "libvncclient0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.aarch64.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "LibVNCServer-devel-0.9.9-17.5.1.ppc64le.rpm", "packageName": "LibVNCServer-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "libvncclient0-debuginfo-0.9.9-17.5.1.x86_64.rpm", "packageName": "libvncclient0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "libvncserver0-debuginfo-0.9.9-17.5.1.s390x.rpm", "packageName": "libvncserver0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncserver0-debuginfo-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncserver0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.x86_64.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncserver0-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncserver0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncserver0-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncserver0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "libvncclient0-0.9.9-17.5.1.ppc64le.rpm", "packageName": "libvncclient0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "LibVNCServer-debugsource-0.9.9-17.5.1.s390x.rpm", "packageName": "LibVNCServer-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncserver0-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncserver0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "LibVNCServer-devel-0.9.9-17.5.1.aarch64.rpm", "packageName": "LibVNCServer-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "LibVNCServer-devel-0.9.9-17.5.1.s390x.rpm", "packageName": "LibVNCServer-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "libvncserver0-debuginfo-0.9.9-17.5.1.ppc64le.rpm", "packageName": "libvncserver0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "LibVNCServer-devel-0.9.9-17.5.1.ppc64le.rpm", "packageName": "LibVNCServer-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncclient0-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncclient0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "LibVNCServer-devel-0.9.9-17.5.1.x86_64.rpm", "packageName": "LibVNCServer-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "x86_64", "packageFilename": "libvncserver0-0.9.9-17.5.1.x86_64.rpm", "packageName": "libvncserver0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "s390x", "packageFilename": "libvncclient0-0.9.9-17.5.1.s390x.rpm", "packageName": "libvncclient0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncclient0-debuginfo-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncclient0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "0.9.9-17.5.1", "arch": "ppc64le", "packageFilename": "libvncserver0-debuginfo-0.9.9-17.5.1.ppc64le.rpm", "packageName": "libvncserver0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "0.9.9-17.5.1", "arch": "aarch64", "packageFilename": "libvncserver0-debuginfo-0.9.9-17.5.1.aarch64.rpm", "packageName": "libvncserver0-debuginfo", "operator": "lt"}], "description": "LibVNCServer was updated to fix two security issues.\n\n These security issues were fixed:\n\n - CVE-2018-7225: Missing input sanitization inside rfbserver.c\n rfbProcessClientNormalMessage() (bsc#1081493).\n - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote\n servers to cause a denial of service (application crash) or possibly\n execute arbitrary code via a crafted FramebufferUpdate message with the\n Ultra type tile, such that the LZO payload decompressed length exceeds\n what is specified by the tile dimensions (bsc#1017712).\n - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote\n servers to cause a denial of service (application crash) or possibly\n execute arbitrary code via a crafted FramebufferUpdate message\n containing a subrectangle outside of the client drawing area\n (bsc#1017711).\n\n", "edition": 1, "reporter": "Suse", "published": "2018-03-27T21:07:39", "type": "suse", "title": "Security update for LibVNCServer (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9941", "CVE-2018-7225", "CVE-2016-9942"], "modified": "2018-03-27T21:07:39", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00065.html", "id": "SUSE-SU-2018:0830-1", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}}
