ID OPENSUSE-SU-2020:1025-1 Type suse Reporter Suse Modified 2020-07-21T15:12:51
Description
This update for LibVNCServer fixes the following issues:
security update
added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory
contents are vulnerable to Information leak
LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875],
buffer overflow in ConnectClientToUnixSock()
LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876],
unaligned accesses in hybiReadAndDecode can lead to denial of service
LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880],
improperly closed TCP connection causes an infinite loop in
libvncclient/sockets.c
LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700],
NULL pointer dereference in libvncserver/rfbregion.c
LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743],
Byte-aligned data is accessed through uint32_t pointers in
libvncclient/rfbproto.c.
LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691],
Byte-aligned data is accessed through uint16_t pointers in
libvncserver/translate.c.
LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694],
potential integer overflows in libvncserver/scale.c
LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701],
out-of-bounds access via encodings.
{"suse": [{"lastseen": "2020-07-24T19:26:22", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922", "CVE-2018-21247", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2019-20839", "CVE-2019-20840", "CVE-2020-14398", "CVE-2020-14402"], "description": "This update for LibVNCServer fixes the following issues:\n\n - security update\n - added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory\n contents are vulnerable to Information leak\n + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875],\n buffer overflow in ConnectClientToUnixSock()\n + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876],\n unaligned accesses in hybiReadAndDecode can lead to denial of service\n + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880],\n improperly closed TCP connection causes an infinite loop in\n libvncclient/sockets.c\n + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700],\n NULL pointer dereference in libvncserver/rfbregion.c\n + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743],\n Byte-aligned data is accessed through uint32_t pointers in\n libvncclient/rfbproto.c.\n + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691],\n Byte-aligned data is accessed through uint16_t pointers in\n libvncserver/translate.c.\n + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694],\n potential integer overflows in libvncserver/scale.c\n + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701],\n out-of-bounds access via encodings.\n + LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922\n [bsc#1173477], preauth buffer overwrite\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-24T18:21:22", "published": "2020-07-24T18:21:22", "id": "OPENSUSE-SU-2020:1056-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html", "title": "Security update for LibVNCServer (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-18T19:26:00", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922", "CVE-2018-21247", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2019-20839", "CVE-2019-20840", "CVE-2020-14398", "CVE-2020-14402"], "description": "This update for LibVNCServer fixes the following issues:\n\n - security update\n - added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory\n contents are vulnerable to Information leak\n + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875],\n buffer overflow in ConnectClientToUnixSock()\n + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876],\n unaligned accesses in hybiReadAndDecode can lead to denial of service\n + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880],\n improperly closed TCP connection causes an infinite loop in\n libvncclient/sockets.c\n + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700],\n NULL pointer dereference in libvncserver/rfbregion.c\n + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743],\n Byte-aligned data is accessed through uint32_t pointers in\n libvncclient/rfbproto.c.\n + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691],\n Byte-aligned data is accessed through uint16_t pointers in\n libvncserver/translate.c.\n + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694],\n potential integer overflows in libvncserver/scale.c\n + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701],\n out-of-bounds access via encodings.\n + LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922\n [bsc#1173477], preauth buffer overwrite\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-18T18:13:41", "published": "2020-07-18T18:13:41", "id": "OPENSUSE-SU-2020:0988-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html", "title": "Security update for LibVNCServer (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-14T13:25:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922"], "description": "This update for LibVNCServer fixes the following issues:\n\n - CVE-2017-18922: Fixed an issue which could have allowed to an attacker\n to pre-auth overwrite a function pointer which subsequently used leading\n to potential remote code execution (bsc#1173477).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-14T12:14:54", "published": "2020-07-14T12:14:54", "id": "OPENSUSE-SU-2020:0960-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html", "title": "Security update for LibVNCServer (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-18T01:25:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922"], "description": "This update for LibVNCServer fixes the following issues:\n\n - CVE-2017-18922: Fixed an issue which could have allowed to an attacker\n to pre-auth overwrite a function pointer which subsequently used leading\n to potential remote code execution (bsc#1173477).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-18T00:16:37", "published": "2020-07-18T00:16:37", "id": "OPENSUSE-SU-2020:0978-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.html", "title": "Security update for LibVNCServer (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-07-28T03:55:40", "description": "This update for LibVNCServer fixes the following issues :\n\n - security update\n\n - added patches fix CVE-2018-21247 [bsc#1173874],\n uninitialized memory contents are vulnerable to\n Information leak\n\n + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839\n [bsc#1173875], buffer overflow in\n ConnectClientToUnixSock()\n\n + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840\n [bsc#1173876], unaligned accesses in hybiReadAndDecode\n can lead to denial of service\n\n + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398\n [bsc#1173880], improperly closed TCP connection causes\n an infinite loop in libvncclient/sockets.c\n\n + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397\n [bsc#1173700], NULL pointer dereference in\n libvncserver/rfbregion.c\n\n + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399\n [bsc#1173743], Byte-aligned data is accessed through\n uint32_t pointers in libvncclient/rfbproto.c.\n\n + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400\n [bsc#1173691], Byte-aligned data is accessed through\n uint16_t pointers in libvncserver/translate.c.\n\n + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401\n [bsc#1173694], potential integer overflows in\n libvncserver/scale.c\n\n + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402\n [bsc#1173701], out-of-bounds access via encodings.\n\n + LibVNCServer-CVE-2020-14402,14403,14404.patch fix\n CVE-2017-18922 [bsc#1173477], preauth buffer overwrite\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-22T00:00:00", "title": "openSUSE Security Update : LibVNCServer (openSUSE-2020-1025)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18922", "CVE-2018-21247", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2019-20839", "CVE-2019-20840", "CVE-2020-14398", "CVE-2020-14402"], "modified": "2020-07-22T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:libvncclient0", "p-cpe:/a:novell:opensuse:LibVNCServer-devel", "p-cpe:/a:novell:opensuse:LibVNCServer-debugsource", "p-cpe:/a:novell:opensuse:libvncclient0-debuginfo", "p-cpe:/a:novell:opensuse:libvncserver0-debuginfo", "p-cpe:/a:novell:opensuse:libvncserver0"], "id": "OPENSUSE-2020-1025.NASL", "href": "https://www.tenable.com/plugins/nessus/138828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1025.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138828);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/27\");\n\n script_cve_id(\"CVE-2017-18922\", \"CVE-2018-21247\", \"CVE-2019-20839\", \"CVE-2019-20840\", \"CVE-2020-14397\", \"CVE-2020-14398\", \"CVE-2020-14399\", \"CVE-2020-14400\", \"CVE-2020-14401\", \"CVE-2020-14402\");\n\n script_name(english:\"openSUSE Security Update : LibVNCServer (openSUSE-2020-1025)\");\n script_summary(english:\"Check for the openSUSE-2020-1025 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for LibVNCServer fixes the following issues :\n\n - security update\n\n - added patches fix CVE-2018-21247 [bsc#1173874],\n uninitialized memory contents are vulnerable to\n Information leak\n\n + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839\n [bsc#1173875], buffer overflow in\n ConnectClientToUnixSock()\n\n + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840\n [bsc#1173876], unaligned accesses in hybiReadAndDecode\n can lead to denial of service\n\n + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398\n [bsc#1173880], improperly closed TCP connection causes\n an infinite loop in libvncclient/sockets.c\n\n + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397\n [bsc#1173700], NULL pointer dereference in\n libvncserver/rfbregion.c\n\n + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399\n [bsc#1173743], Byte-aligned data is accessed through\n uint32_t pointers in libvncclient/rfbproto.c.\n\n + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400\n [bsc#1173691], Byte-aligned data is accessed through\n uint16_t pointers in libvncserver/translate.c.\n\n + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401\n [bsc#1173694], potential integer overflows in\n libvncserver/scale.c\n\n + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402\n [bsc#1173701], out-of-bounds access via encodings.\n\n + LibVNCServer-CVE-2020-14402,14403,14404.patch fix\n CVE-2017-18922 [bsc#1173477], preauth buffer overwrite\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173880\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected LibVNCServer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:LibVNCServer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:LibVNCServer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncserver0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"LibVNCServer-debugsource-0.9.10-lp152.9.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"LibVNCServer-devel-0.9.10-lp152.9.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libvncclient0-0.9.10-lp152.9.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libvncclient0-debuginfo-0.9.10-lp152.9.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libvncserver0-0.9.10-lp152.9.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libvncserver0-debuginfo-0.9.10-lp152.9.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibVNCServer-debugsource / LibVNCServer-devel / libvncclient0 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-23T03:48:18", "description": "This update for LibVNCServer fixes the following issues :\n\n - security update\n\n - added patches fix CVE-2018-21247 [bsc#1173874],\n uninitialized memory contents are vulnerable to\n Information leak\n\n + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839\n [bsc#1173875], buffer overflow in\n ConnectClientToUnixSock()\n\n + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840\n [bsc#1173876], unaligned accesses in hybiReadAndDecode\n can lead to denial of service\n\n + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398\n [bsc#1173880], improperly closed TCP connection causes\n an infinite loop in libvncclient/sockets.c\n\n + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397\n [bsc#1173700], NULL pointer dereference in\n libvncserver/rfbregion.c\n\n + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399\n [bsc#1173743], Byte-aligned data is accessed through\n uint32_t pointers in libvncclient/rfbproto.c.\n\n + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400\n [bsc#1173691], Byte-aligned data is accessed through\n uint16_t pointers in libvncserver/translate.c.\n\n + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401\n [bsc#1173694], potential integer overflows in\n libvncserver/scale.c\n\n + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402\n [bsc#1173701], out-of-bounds access via encodings.\n\n + LibVNCServer-CVE-2020-14402,14403,14404.patch fix\n CVE-2017-18922 [bsc#1173477], preauth buffer overwrite\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-20T00:00:00", "title": "openSUSE Security Update : LibVNCServer (openSUSE-2020-988)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18922", "CVE-2018-21247", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2019-20839", "CVE-2019-20840", "CVE-2020-14398", "CVE-2020-14402"], "modified": "2020-07-20T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:libvncclient0", "p-cpe:/a:novell:opensuse:LibVNCServer-devel", "p-cpe:/a:novell:opensuse:LibVNCServer-debugsource", "p-cpe:/a:novell:opensuse:libvncclient0-debuginfo", "p-cpe:/a:novell:opensuse:libvncserver0-debuginfo", "p-cpe:/a:novell:opensuse:libvncserver0"], "id": "OPENSUSE-2020-988.NASL", "href": "https://www.tenable.com/plugins/nessus/138751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-988.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138751);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2017-18922\", \"CVE-2018-21247\", \"CVE-2019-20839\", \"CVE-2019-20840\", \"CVE-2020-14397\", \"CVE-2020-14398\", \"CVE-2020-14399\", \"CVE-2020-14400\", \"CVE-2020-14401\", \"CVE-2020-14402\");\n\n script_name(english:\"openSUSE Security Update : LibVNCServer (openSUSE-2020-988)\");\n script_summary(english:\"Check for the openSUSE-2020-988 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for LibVNCServer fixes the following issues :\n\n - security update\n\n - added patches fix CVE-2018-21247 [bsc#1173874],\n uninitialized memory contents are vulnerable to\n Information leak\n\n + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839\n [bsc#1173875], buffer overflow in\n ConnectClientToUnixSock()\n\n + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840\n [bsc#1173876], unaligned accesses in hybiReadAndDecode\n can lead to denial of service\n\n + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398\n [bsc#1173880], improperly closed TCP connection causes\n an infinite loop in libvncclient/sockets.c\n\n + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397\n [bsc#1173700], NULL pointer dereference in\n libvncserver/rfbregion.c\n\n + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399\n [bsc#1173743], Byte-aligned data is accessed through\n uint32_t pointers in libvncclient/rfbproto.c.\n\n + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400\n [bsc#1173691], Byte-aligned data is accessed through\n uint16_t pointers in libvncserver/translate.c.\n\n + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401\n [bsc#1173694], potential integer overflows in\n libvncserver/scale.c\n\n + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402\n [bsc#1173701], out-of-bounds access via encodings.\n\n + LibVNCServer-CVE-2020-14402,14403,14404.patch fix\n CVE-2017-18922 [bsc#1173477], preauth buffer overwrite\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173880\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected LibVNCServer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:LibVNCServer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:LibVNCServer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncserver0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"LibVNCServer-debugsource-0.9.10-lp151.7.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"LibVNCServer-devel-0.9.10-lp151.7.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libvncclient0-0.9.10-lp151.7.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libvncclient0-debuginfo-0.9.10-lp151.7.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libvncserver0-0.9.10-lp151.7.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libvncserver0-debuginfo-0.9.10-lp151.7.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibVNCServer-debugsource / LibVNCServer-devel / libvncclient0 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-31T03:51:36", "description": "This update for LibVNCServer fixes the following issues :\n\n - security update\n\n - added patches fix CVE-2018-21247 [bsc#1173874],\n uninitialized memory contents are vulnerable to\n Information leak\n\n + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839\n [bsc#1173875], buffer overflow in\n ConnectClientToUnixSock()\n\n + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840\n [bsc#1173876], unaligned accesses in hybiReadAndDecode\n can lead to denial of service\n\n + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398\n [bsc#1173880], improperly closed TCP connection causes\n an infinite loop in libvncclient/sockets.c\n\n + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397\n [bsc#1173700], NULL pointer dereference in\n libvncserver/rfbregion.c\n\n + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399\n [bsc#1173743], Byte-aligned data is accessed through\n uint32_t pointers in libvncclient/rfbproto.c.\n\n + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400\n [bsc#1173691], Byte-aligned data is accessed through\n uint16_t pointers in libvncserver/translate.c.\n\n + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401\n [bsc#1173694], potential integer overflows in\n libvncserver/scale.c\n\n + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402\n [bsc#1173701], out-of-bounds access via encodings.\n\n + LibVNCServer-CVE-2020-14402,14403,14404.patch fix\n CVE-2017-18922 [bsc#1173477], preauth buffer overwrite\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-27T00:00:00", "title": "openSUSE Security Update : LibVNCServer (openSUSE-2020-1056)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18922", "CVE-2018-21247", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2019-20839", "CVE-2019-20840", "CVE-2020-14398", "CVE-2020-14402"], "modified": "2020-07-27T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:libvncclient0", "p-cpe:/a:novell:opensuse:LibVNCServer-devel", "p-cpe:/a:novell:opensuse:LibVNCServer-debugsource", "p-cpe:/a:novell:opensuse:libvncclient0-debuginfo", "p-cpe:/a:novell:opensuse:libvncserver0-debuginfo", "p-cpe:/a:novell:opensuse:libvncserver0"], "id": "OPENSUSE-2020-1056.NASL", "href": "https://www.tenable.com/plugins/nessus/138984", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1056.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138984);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/30\");\n\n script_cve_id(\"CVE-2017-18922\", \"CVE-2018-21247\", \"CVE-2019-20839\", \"CVE-2019-20840\", \"CVE-2020-14397\", \"CVE-2020-14398\", \"CVE-2020-14399\", \"CVE-2020-14400\", \"CVE-2020-14401\", \"CVE-2020-14402\");\n\n script_name(english:\"openSUSE Security Update : LibVNCServer (openSUSE-2020-1056)\");\n script_summary(english:\"Check for the openSUSE-2020-1056 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for LibVNCServer fixes the following issues :\n\n - security update\n\n - added patches fix CVE-2018-21247 [bsc#1173874],\n uninitialized memory contents are vulnerable to\n Information leak\n\n + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839\n [bsc#1173875], buffer overflow in\n ConnectClientToUnixSock()\n\n + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840\n [bsc#1173876], unaligned accesses in hybiReadAndDecode\n can lead to denial of service\n\n + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398\n [bsc#1173880], improperly closed TCP connection causes\n an infinite loop in libvncclient/sockets.c\n\n + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397\n [bsc#1173700], NULL pointer dereference in\n libvncserver/rfbregion.c\n\n + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399\n [bsc#1173743], Byte-aligned data is accessed through\n uint32_t pointers in libvncclient/rfbproto.c.\n\n + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400\n [bsc#1173691], Byte-aligned data is accessed through\n uint16_t pointers in libvncserver/translate.c.\n\n + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401\n [bsc#1173694], potential integer overflows in\n libvncserver/scale.c\n\n + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402\n [bsc#1173701], out-of-bounds access via encodings.\n\n + LibVNCServer-CVE-2020-14402,14403,14404.patch fix\n CVE-2017-18922 [bsc#1173477], preauth buffer overwrite\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173880\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected LibVNCServer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:LibVNCServer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:LibVNCServer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncserver0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"LibVNCServer-debugsource-0.9.10-lp152.9.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"LibVNCServer-devel-0.9.10-lp152.9.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libvncclient0-0.9.10-lp152.9.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libvncclient0-debuginfo-0.9.10-lp152.9.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libvncserver0-0.9.10-lp152.9.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libvncserver0-debuginfo-0.9.10-lp152.9.4.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibVNCServer-debugsource / LibVNCServer-devel / libvncclient0 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T13:22:17", "description": "This update for LibVNCServer fixes the following issues :\n\nsecurity update\n\nadded patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory\ncontents are vulnerable to Information leak\n\n + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839\n [bsc#1173875], buffer overflow in\n ConnectClientToUnixSock()\n\n + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840\n [bsc#1173876], unaligned accesses in hybiReadAndDecode\n can lead to denial of service\n\n + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398\n [bsc#1173880], improperly closed TCP connection causes\n an infinite loop in libvncclient/sockets.c\n\n + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397\n [bsc#1173700], NULL pointer dereference in\n libvncserver/rfbregion.c\n\n + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399\n [bsc#1173743], Byte-aligned data is accessed through\n uint32_t pointers in libvncclient/rfbproto.c.\n\n + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400\n [bsc#1173691], Byte-aligned data is accessed through\n uint16_t pointers in libvncserver/translate.c.\n\n + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401\n [bsc#1173694], potential integer overflows in\n libvncserver/scale.c\n\n + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402\n [bsc#1173701], out-of-bounds access via encodings.\n\n + LibVNCServer-CVE-2020-14402,14403,14404.patch fix\n CVE-2017-18922 [bsc#1173477], preauth buffer overwrite\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-16T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : LibVNCServer (SUSE-SU-2020:1922-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18922", "CVE-2018-21247", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2019-20839", "CVE-2019-20840", "CVE-2020-14398", "CVE-2020-14402"], "modified": "2020-07-16T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:LibVNCServer-debugsource", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libvncserver0-debuginfo", "p-cpe:/a:novell:suse_linux:libvncserver0"], "id": "SUSE_SU-2020-1922-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138548", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1922-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138548);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/20\");\n\n script_cve_id(\"CVE-2017-18922\", \"CVE-2018-21247\", \"CVE-2019-20839\", \"CVE-2019-20840\", \"CVE-2020-14397\", \"CVE-2020-14398\", \"CVE-2020-14399\", \"CVE-2020-14400\", \"CVE-2020-14401\", \"CVE-2020-14402\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : LibVNCServer (SUSE-SU-2020:1922-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for LibVNCServer fixes the following issues :\n\nsecurity update\n\nadded patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory\ncontents are vulnerable to Information leak\n\n + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839\n [bsc#1173875], buffer overflow in\n ConnectClientToUnixSock()\n\n + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840\n [bsc#1173876], unaligned accesses in hybiReadAndDecode\n can lead to denial of service\n\n + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398\n [bsc#1173880], improperly closed TCP connection causes\n an infinite loop in libvncclient/sockets.c\n\n + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397\n [bsc#1173700], NULL pointer dereference in\n libvncserver/rfbregion.c\n\n + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399\n [bsc#1173743], Byte-aligned data is accessed through\n uint32_t pointers in libvncclient/rfbproto.c.\n\n + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400\n [bsc#1173691], Byte-aligned data is accessed through\n uint16_t pointers in libvncserver/translate.c.\n\n + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401\n [bsc#1173694], potential integer overflows in\n libvncserver/scale.c\n\n + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402\n [bsc#1173701], out-of-bounds access via encodings.\n\n + LibVNCServer-CVE-2020-14402,14403,14404.patch fix\n CVE-2017-18922 [bsc#1173477], preauth buffer overwrite\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-21247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14397/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14398/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14400/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14401/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14402/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201922-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42fb2444\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1922=1\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1922=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1922=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1922=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:LibVNCServer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncserver0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"LibVNCServer-debugsource-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvncserver0-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvncserver0-debuginfo-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"LibVNCServer-debugsource-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libvncserver0-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libvncserver0-debuginfo-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"LibVNCServer-debugsource-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libvncserver0-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libvncserver0-debuginfo-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"LibVNCServer-debugsource-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libvncserver0-0.9.10-4.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libvncserver0-debuginfo-0.9.10-4.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibVNCServer\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:29:41", "description": "This update for LibVNCServer fixes the following issues :\n\nsecurity update fix CVE-2018-21247 [bsc#1173874], uninitialized memory\ncontents are vulnerable to Information leak fix CVE-2019-20839\n[bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix\nCVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode\ncan lead to denial of service fix CVE-2020-14398 [bsc#1173880],\nimproperly closed TCP connection causes an infinite loop in\nlibvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer\ndereference in libvncserver/rfbregion.c fix CVE-2020-14399\n[bsc#1173743], Byte-aligned data is accessed through uint32_t pointers\nin libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691],\nByte-aligned data is accessed through uint16_t pointers in\nlibvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential\ninteger overflows in libvncserver/scale.c fix CVE-2020-14402\n[bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403\n[bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404\n[bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922\n[bsc#1173477], preauth buffer overwrite\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-08-10T00:00:00", "title": "SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2020:2167-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18922", "CVE-2018-21247", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2019-20840", "CVE-2020-14398", "CVE-2020-14402"], "modified": "2020-08-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:LibVNCServer-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libvncclient0", "p-cpe:/a:novell:suse_linux:libvncserver0-debuginfo", "p-cpe:/a:novell:suse_linux:libvncclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libvncserver0"], "id": "SUSE_SU-2020-2167-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2167-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139453);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-18922\", \"CVE-2018-21247\", \"CVE-2019-20839\", \"CVE-2019-20840\", \"CVE-2020-14397\", \"CVE-2020-14398\", \"CVE-2020-14399\", \"CVE-2020-14400\", \"CVE-2020-14401\", \"CVE-2020-14402\", \"CVE-2020-14403\", \"CVE-2020-14404\");\n\n script_name(english:\"SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2020:2167-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for LibVNCServer fixes the following issues :\n\nsecurity update fix CVE-2018-21247 [bsc#1173874], uninitialized memory\ncontents are vulnerable to Information leak fix CVE-2019-20839\n[bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix\nCVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode\ncan lead to denial of service fix CVE-2020-14398 [bsc#1173880],\nimproperly closed TCP connection causes an infinite loop in\nlibvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer\ndereference in libvncserver/rfbregion.c fix CVE-2020-14399\n[bsc#1173743], Byte-aligned data is accessed through uint32_t pointers\nin libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691],\nByte-aligned data is accessed through uint16_t pointers in\nlibvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential\ninteger overflows in libvncserver/scale.c fix CVE-2020-14402\n[bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403\n[bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404\n[bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922\n[bsc#1173477], preauth buffer overwrite\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-21247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14397/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14398/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14400/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14401/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14402/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14403/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14404/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202167-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09a86114\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2167=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2167=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2167=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2167=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2167=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2167=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2167=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2167=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2167=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2167=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2167=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2167=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2167=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2167=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2167=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2167=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2167=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:LibVNCServer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncserver0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"LibVNCServer-debugsource-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvncclient0-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvncclient0-debuginfo-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvncserver0-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvncserver0-debuginfo-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"LibVNCServer-debugsource-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvncclient0-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvncclient0-debuginfo-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvncserver0-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvncserver0-debuginfo-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"LibVNCServer-debugsource-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvncclient0-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvncclient0-debuginfo-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvncserver0-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvncserver0-debuginfo-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"LibVNCServer-debugsource-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libvncclient0-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libvncclient0-debuginfo-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libvncserver0-0.9.9-17.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libvncserver0-debuginfo-0.9.9-17.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibVNCServer\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:06:00", "description": "According to the versions of the libvncserve packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n There is an information leak (of uninitialized memory\n contents) in the libvncclient/rfbproto.c\n ConnectToRFBRepeater function.(CVE-2018-21247)\n\n - libvncclient/sockets.c in LibVNCServer before 0.9.13\n has a buffer overflow via a long socket\n filename.(CVE-2019-20839)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rfbregion.c has a NULL pointer\n dereference.(CVE-2020-14397)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n An improperly closed TCP connection causes an infinite\n loop in libvncclient/sockets.c.(CVE-2020-14398)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint32_t pointers\n in libvncclient/rfbproto.c.(CVE-2020-14399)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint16_t pointers\n in libvncserver/translate.c.(CVE-2020-14400)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/scale.c has a pixel_value integer\n overflow.(CVE-2020-14401)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/corre.c allows out-of-bounds access via\n encodings.(CVE-2020-14402)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/hextile.c allows out-of-bounds access via\n encodings.(CVE-2020-14403)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rre.c allows out-of-bounds access via\n encodings.(CVE-2020-14404)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncclient/rfbproto.c does not limit TextChat\n size.(CVE-2020-14405)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2020-09-02T00:00:00", "title": "EulerOS 2.0 SP5 : libvncserve (EulerOS-SA-2020-1940)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-21247", "CVE-2020-14405", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2020-14398", "CVE-2020-14402"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libvncserver-devel", "p-cpe:/a:huawei:euleros:libvncserver", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1940.NASL", "href": "https://www.tenable.com/plugins/nessus/140161", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140161);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-21247\",\n \"CVE-2019-20839\",\n \"CVE-2020-14397\",\n \"CVE-2020-14398\",\n \"CVE-2020-14399\",\n \"CVE-2020-14400\",\n \"CVE-2020-14401\",\n \"CVE-2020-14402\",\n \"CVE-2020-14403\",\n \"CVE-2020-14404\",\n \"CVE-2020-14405\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libvncserve (EulerOS-SA-2020-1940)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libvncserve packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n There is an information leak (of uninitialized memory\n contents) in the libvncclient/rfbproto.c\n ConnectToRFBRepeater function.(CVE-2018-21247)\n\n - libvncclient/sockets.c in LibVNCServer before 0.9.13\n has a buffer overflow via a long socket\n filename.(CVE-2019-20839)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rfbregion.c has a NULL pointer\n dereference.(CVE-2020-14397)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n An improperly closed TCP connection causes an infinite\n loop in libvncclient/sockets.c.(CVE-2020-14398)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint32_t pointers\n in libvncclient/rfbproto.c.(CVE-2020-14399)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint16_t pointers\n in libvncserver/translate.c.(CVE-2020-14400)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/scale.c has a pixel_value integer\n overflow.(CVE-2020-14401)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/corre.c allows out-of-bounds access via\n encodings.(CVE-2020-14402)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/hextile.c allows out-of-bounds access via\n encodings.(CVE-2020-14403)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rre.c allows out-of-bounds access via\n encodings.(CVE-2020-14404)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncclient/rfbproto.c does not limit TextChat\n size.(CVE-2020-14405)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1940\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?04be607a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvncserve packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvncserver-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvncserver-0.9.9-12.h12.eulerosv2r7\",\n \"libvncserver-devel-0.9.9-12.h12.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserve\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T09:05:34", "description": "According to the versions of the libvncserver package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/hextile.c allows out-of-bounds access via\n encodings.(CVE-2020-14403)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n An improperly closed TCP connection causes an infinite\n loop in libvncclient/sockets.c.(CVE-2020-14398)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/scale.c has a pixel_value integer\n overflow.(CVE-2020-14401)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/corre.c allows out-of-bounds access via\n encodings.(CVE-2020-14402)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint16_t pointers\n in libvncserver/translate.c.(CVE-2020-14400)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rre.c allows out-of-bounds access via\n encodings.(CVE-2020-14404)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n There is an information leak (of uninitialized memory\n contents) in the libvncclient/rfbproto.c\n ConnectToRFBRepeater function.(CVE-2018-21247)\n\n - libvncclient/sockets.c in LibVNCServer before 0.9.13\n has a buffer overflow via a long socket\n filename.(CVE-2019-20839)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncclient/rfbproto.c does not limit TextChat\n size.(CVE-2020-14405)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rfbregion.c has a NULL pointer\n dereference.(CVE-2020-14397)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint32_t pointers\n in libvncclient/rfbproto.c.(CVE-2020-14399)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2020-07-30T00:00:00", "title": "EulerOS 2.0 SP8 : libvncserver (EulerOS-SA-2020-1811)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-21247", "CVE-2020-14405", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2020-14398", "CVE-2020-14402"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libvncserver", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1811.NASL", "href": "https://www.tenable.com/plugins/nessus/139141", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139141);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-21247\",\n \"CVE-2019-20839\",\n \"CVE-2020-14397\",\n \"CVE-2020-14398\",\n \"CVE-2020-14399\",\n \"CVE-2020-14400\",\n \"CVE-2020-14401\",\n \"CVE-2020-14402\",\n \"CVE-2020-14403\",\n \"CVE-2020-14404\",\n \"CVE-2020-14405\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : libvncserver (EulerOS-SA-2020-1811)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libvncserver package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/hextile.c allows out-of-bounds access via\n encodings.(CVE-2020-14403)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n An improperly closed TCP connection causes an infinite\n loop in libvncclient/sockets.c.(CVE-2020-14398)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/scale.c has a pixel_value integer\n overflow.(CVE-2020-14401)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/corre.c allows out-of-bounds access via\n encodings.(CVE-2020-14402)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint16_t pointers\n in libvncserver/translate.c.(CVE-2020-14400)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rre.c allows out-of-bounds access via\n encodings.(CVE-2020-14404)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n There is an information leak (of uninitialized memory\n contents) in the libvncclient/rfbproto.c\n ConnectToRFBRepeater function.(CVE-2018-21247)\n\n - libvncclient/sockets.c in LibVNCServer before 0.9.13\n has a buffer overflow via a long socket\n filename.(CVE-2019-20839)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncclient/rfbproto.c does not limit TextChat\n size.(CVE-2020-14405)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rfbregion.c has a NULL pointer\n dereference.(CVE-2020-14397)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint32_t pointers\n in libvncclient/rfbproto.c.(CVE-2020-14399)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1811\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6adb34ca\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvncserver packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14401\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvncserver-0.9.11-8.h2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T09:06:54", "description": "According to the versions of the libvncserver package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n There is an information leak (of uninitialized memory\n contents) in the libvncclient/rfbproto.c\n ConnectToRFBRepeater function.(CVE-2018-21247)\n\n - libvncclient/sockets.c in LibVNCServer before 0.9.13\n has a buffer overflow via a long socket\n filename.(CVE-2019-20839)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rfbregion.c has a NULL pointer\n dereference.(CVE-2020-14397)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n An improperly closed TCP connection causes an infinite\n loop in libvncclient/sockets.c.(CVE-2020-14398)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint32_t pointers\n in libvncclient/rfbproto.c.(CVE-2020-14399)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint16_t pointers\n in libvncserver/translate.c.(CVE-2020-14400)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/scale.c has a pixel_value integer\n overflow.(CVE-2020-14401)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/corre.c allows out-of-bounds access via\n encodings.(CVE-2020-14402)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/hextile.c allows out-of-bounds access via\n encodings.(CVE-2020-14403)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rre.c allows out-of-bounds access via\n encodings.(CVE-2020-14404)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncclient/rfbproto.c does not limit TextChat\n size.(CVE-2020-14405)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2020-11-03T00:00:00", "title": "EulerOS 2.0 SP2 : libvncserver (EulerOS-SA-2020-2362)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-21247", "CVE-2020-14405", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2020-14398", "CVE-2020-14402"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libvncserver", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2362.NASL", "href": "https://www.tenable.com/plugins/nessus/142357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142357);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-21247\",\n \"CVE-2019-20839\",\n \"CVE-2020-14397\",\n \"CVE-2020-14398\",\n \"CVE-2020-14399\",\n \"CVE-2020-14400\",\n \"CVE-2020-14401\",\n \"CVE-2020-14402\",\n \"CVE-2020-14403\",\n \"CVE-2020-14404\",\n \"CVE-2020-14405\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libvncserver (EulerOS-SA-2020-2362)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libvncserver package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n There is an information leak (of uninitialized memory\n contents) in the libvncclient/rfbproto.c\n ConnectToRFBRepeater function.(CVE-2018-21247)\n\n - libvncclient/sockets.c in LibVNCServer before 0.9.13\n has a buffer overflow via a long socket\n filename.(CVE-2019-20839)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rfbregion.c has a NULL pointer\n dereference.(CVE-2020-14397)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n An improperly closed TCP connection causes an infinite\n loop in libvncclient/sockets.c.(CVE-2020-14398)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint32_t pointers\n in libvncclient/rfbproto.c.(CVE-2020-14399)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n Byte-aligned data is accessed through uint16_t pointers\n in libvncserver/translate.c.(CVE-2020-14400)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/scale.c has a pixel_value integer\n overflow.(CVE-2020-14401)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/corre.c allows out-of-bounds access via\n encodings.(CVE-2020-14402)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/hextile.c allows out-of-bounds access via\n encodings.(CVE-2020-14403)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncserver/rre.c allows out-of-bounds access via\n encodings.(CVE-2020-14404)\n\n - An issue was discovered in LibVNCServer before 0.9.13.\n libvncclient/rfbproto.c does not limit TextChat\n size.(CVE-2020-14405)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2362\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f2b5ab90\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvncserver packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvncserver-0.9.9-12.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-09-25T10:56:29", "description": "Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled\ncertain malformed unix socket names. A remote attacker could exploit\nthis with a crafted socket name, leading to a denial of service, or\npossibly execute arbitrary code. (CVE-2019-20839) It was discovered\nthat LibVNCServer did not properly access byte-aligned data. A remote\nattacker could possibly use this issue to cause LibVNCServer to crash,\nresulting in a denial of service. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-20840) Christian Beier\ndiscovered that LibVNCServer incorrectly handled anonymous TLS\nconnections. A remote attacker could possibly use this issue to cause\nLibVNCServer to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 20.04 LTS. (CVE-2020-14396) It was discovered\nthat LibVNCServer incorrectly handled region clipping. A remote\nattacker could possibly use this issue to cause LibVNCServer to crash,\nresulting in a denial of service. (CVE-2020-14397) It was discovered\nthat LibVNCServer did not properly reset incorrectly terminated TCP\nconnections. A remote attacker could possibly use this issue to cause\nan infinite loop, resulting in a denial of service. (CVE-2020-14398)\nIt was discovered that LibVNCServer did not properly access\nbyte-aligned data. A remote attacker could possibly use this issue to\ncause LibVNCServer to crash, resulting in a denial of service.\n(CVE-2020-14399, CVE-2020-14400) It was discovered that LibVNCServer\nincorrectly handled screen scaling on the server side. A remote\nattacker could use this issue to cause LibVNCServer to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2020-14401) It was discovered that LibVNCServer incorrectly\nhandled encodings. A remote attacker could use this issue to cause\nLibVNCServer to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2020-14402, CVE-2020-14403,\nCVE-2020-14404) It was discovered that LibVNCServer incorrectly\nhandled TextChat messages. A remote attacker could possibly use this\nissue to cause LibVNCServer to crash, resulting in a denial of\nservice. (CVE-2020-14405).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2020-07-27T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : LibVNCServer vulnerabilities (USN-4434-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14405", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2019-20840", "CVE-2020-14398", "CVE-2020-14402", "CVE-2020-14396"], "modified": "2020-07-27T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libvncserver1", "p-cpe:/a:canonical:ubuntu_linux:libvncclient1"], "id": "UBUNTU_USN-4434-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4434-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138999);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2019-20839\", \"CVE-2019-20840\", \"CVE-2020-14396\", \"CVE-2020-14397\", \"CVE-2020-14398\", \"CVE-2020-14399\", \"CVE-2020-14400\", \"CVE-2020-14401\", \"CVE-2020-14402\", \"CVE-2020-14403\", \"CVE-2020-14404\", \"CVE-2020-14405\");\n script_xref(name:\"USN\", value:\"4434-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : LibVNCServer vulnerabilities (USN-4434-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled\ncertain malformed unix socket names. A remote attacker could exploit\nthis with a crafted socket name, leading to a denial of service, or\npossibly execute arbitrary code. (CVE-2019-20839) It was discovered\nthat LibVNCServer did not properly access byte-aligned data. A remote\nattacker could possibly use this issue to cause LibVNCServer to crash,\nresulting in a denial of service. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-20840) Christian Beier\ndiscovered that LibVNCServer incorrectly handled anonymous TLS\nconnections. A remote attacker could possibly use this issue to cause\nLibVNCServer to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 20.04 LTS. (CVE-2020-14396) It was discovered\nthat LibVNCServer incorrectly handled region clipping. A remote\nattacker could possibly use this issue to cause LibVNCServer to crash,\nresulting in a denial of service. (CVE-2020-14397) It was discovered\nthat LibVNCServer did not properly reset incorrectly terminated TCP\nconnections. A remote attacker could possibly use this issue to cause\nan infinite loop, resulting in a denial of service. (CVE-2020-14398)\nIt was discovered that LibVNCServer did not properly access\nbyte-aligned data. A remote attacker could possibly use this issue to\ncause LibVNCServer to crash, resulting in a denial of service.\n(CVE-2020-14399, CVE-2020-14400) It was discovered that LibVNCServer\nincorrectly handled screen scaling on the server side. A remote\nattacker could use this issue to cause LibVNCServer to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2020-14401) It was discovered that LibVNCServer incorrectly\nhandled encodings. A remote attacker could use this issue to cause\nLibVNCServer to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2020-14402, CVE-2020-14403,\nCVE-2020-14404) It was discovered that LibVNCServer incorrectly\nhandled TextChat messages. A remote attacker could possibly use this\nissue to cause LibVNCServer to crash, resulting in a denial of\nservice. (CVE-2020-14405).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4434-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libvncclient1 and / or libvncserver1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14401\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvncclient1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvncserver1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libvncclient1\", pkgver:\"0.9.10+dfsg-3ubuntu0.16.04.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libvncserver1\", pkgver:\"0.9.10+dfsg-3ubuntu0.16.04.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libvncclient1\", pkgver:\"0.9.11+dfsg-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libvncserver1\", pkgver:\"0.9.11+dfsg-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"libvncclient1\", pkgver:\"0.9.12+dfsg-9ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"libvncserver1\", pkgver:\"0.9.12+dfsg-9ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncclient1 / libvncserver1\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T09:06:26", "description": "According to the versions of the libvncserver package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - LibVNCServer makes writing a VNC server (or more\n correctly, a program exporting a frame-buffer via the\n Remote Frame Buffer protocol) easy. It hides the\n programmer from the tedious task of managing clients\n and compression schemata.Security Fix(es):An issue was\n discovered in LibVNCServer before 0.9.13. There is an\n information leak (of uninitialized memory contents) in\n the libvncclient/rfbproto.c ConnectToRFBRepeater\n function.(CVE-2018-21247)libvncclient/sockets.c in\n LibVNCServer before 0.9.13 has a buffer overflow via a\n long socket filename.(CVE-2019-20839)An issue was\n discovered in LibVNCServer before 0.9.13.\n libvncserver/rfbregion.c has a NULL pointer\n dereference.(CVE-2020-14397)An issue was discovered in\n LibVNCServer before 0.9.13. An improperly closed TCP\n connection causes an infinite loop in\n libvncclient/sockets.c.(CVE-2020-14398)An issue was\n discovered in LibVNCServer before 0.9.13. Byte-aligned\n data is accessed through uint32_t pointers in\n libvncclient/rfbproto.c. NOTE: there is reportedly 'no\n trust boundary crossed.'(CVE-2020-14399)An issue was\n discovered in LibVNCServer before 0.9.13. Byte-aligned\n data is accessed through uint16_t pointers in\n libvncserver/translate.c. NOTE: Third parties do not\n consider this to be a vulnerability as there is no\n known path of exploitation or cross of a trust\n boundary.(CVE-2020-14400)An issue was discovered in\n LibVNCServer before 0.9.13. libvncserver/scale.c has a\n pixel_value integer overflow.(CVE-2020-14401)An issue\n was discovered in LibVNCServer before 0.9.13.\n libvncserver/corre.c allows out-of-bounds access via\n encodings.(CVE-2020-14402)An issue was discovered in\n LibVNCServer before 0.9.13. libvncserver/hextile.c\n allows out-of-bounds access via\n encodings.(CVE-2020-14403)An issue was discovered in\n LibVNCServer before 0.9.13. libvncserver/rre.c allows\n out-of-bounds access via encodings.(CVE-2020-14404)An\n issue was discovered in LibVNCServer before 0.9.13.\n libvncclient/rfbproto.c does not limit TextChat\n size.(CVE-2020-14405)libvncclient/cursor.c in\n LibVNCServer through 0.9.12 has a HandleCursorShape\n integer overflow and heap-based buffer overflow via a\n large height or width value. (CVE-2019-20788)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-28T00:00:00", "title": "EulerOS 2.0 SP3 : libvncserver (EulerOS-SA-2020-2116)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-21247", "CVE-2020-14405", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2019-20788", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2020-14398", "CVE-2020-14402"], "modified": "2020-09-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libvncserver", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2116.NASL", "href": "https://www.tenable.com/plugins/nessus/140883", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140883);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-21247\",\n \"CVE-2019-20788\",\n \"CVE-2019-20839\",\n \"CVE-2020-14397\",\n \"CVE-2020-14398\",\n \"CVE-2020-14399\",\n \"CVE-2020-14400\",\n \"CVE-2020-14401\",\n \"CVE-2020-14402\",\n \"CVE-2020-14403\",\n \"CVE-2020-14404\",\n \"CVE-2020-14405\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libvncserver (EulerOS-SA-2020-2116)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libvncserver package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - LibVNCServer makes writing a VNC server (or more\n correctly, a program exporting a frame-buffer via the\n Remote Frame Buffer protocol) easy. It hides the\n programmer from the tedious task of managing clients\n and compression schemata.Security Fix(es):An issue was\n discovered in LibVNCServer before 0.9.13. There is an\n information leak (of uninitialized memory contents) in\n the libvncclient/rfbproto.c ConnectToRFBRepeater\n function.(CVE-2018-21247)libvncclient/sockets.c in\n LibVNCServer before 0.9.13 has a buffer overflow via a\n long socket filename.(CVE-2019-20839)An issue was\n discovered in LibVNCServer before 0.9.13.\n libvncserver/rfbregion.c has a NULL pointer\n dereference.(CVE-2020-14397)An issue was discovered in\n LibVNCServer before 0.9.13. An improperly closed TCP\n connection causes an infinite loop in\n libvncclient/sockets.c.(CVE-2020-14398)An issue was\n discovered in LibVNCServer before 0.9.13. Byte-aligned\n data is accessed through uint32_t pointers in\n libvncclient/rfbproto.c. NOTE: there is reportedly 'no\n trust boundary crossed.'(CVE-2020-14399)An issue was\n discovered in LibVNCServer before 0.9.13. Byte-aligned\n data is accessed through uint16_t pointers in\n libvncserver/translate.c. NOTE: Third parties do not\n consider this to be a vulnerability as there is no\n known path of exploitation or cross of a trust\n boundary.(CVE-2020-14400)An issue was discovered in\n LibVNCServer before 0.9.13. libvncserver/scale.c has a\n pixel_value integer overflow.(CVE-2020-14401)An issue\n was discovered in LibVNCServer before 0.9.13.\n libvncserver/corre.c allows out-of-bounds access via\n encodings.(CVE-2020-14402)An issue was discovered in\n LibVNCServer before 0.9.13. libvncserver/hextile.c\n allows out-of-bounds access via\n encodings.(CVE-2020-14403)An issue was discovered in\n LibVNCServer before 0.9.13. libvncserver/rre.c allows\n out-of-bounds access via encodings.(CVE-2020-14404)An\n issue was discovered in LibVNCServer before 0.9.13.\n libvncclient/rfbproto.c does not limit TextChat\n size.(CVE-2020-14405)libvncclient/cursor.c in\n LibVNCServer through 0.9.12 has a HandleCursorShape\n integer overflow and heap-based buffer overflow via a\n large height or width value. (CVE-2019-20788)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2116\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?95cb084f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvncserver packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvncserver-0.9.9-12.h12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-08-08T13:53:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14405", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2019-20840", "CVE-2020-14398", "CVE-2020-14402", "CVE-2020-14396"], "description": "Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled \ncertain malformed unix socket names. A remote attacker could exploit this \nwith a crafted socket name, leading to a denial of service, or possibly \nexecute arbitrary code. (CVE-2019-20839)\n\nIt was discovered that LibVNCServer did not properly access byte-aligned \ndata. A remote attacker could possibly use this issue to cause \nLibVNCServer to crash, resulting in a denial of service. This issue only \naffected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-20840)\n\nChristian Beier discovered that LibVNCServer incorrectly handled anonymous \nTLS connections. A remote attacker could possibly use this issue to cause \nLibVNCServer to crash, resulting in a denial of service. This issue only \naffected Ubuntu 20.04 LTS. (CVE-2020-14396)\n\nIt was discovered that LibVNCServer incorrectly handled region clipping. A \nremote attacker could possibly use this issue to cause LibVNCServer to \ncrash, resulting in a denial of service. (CVE-2020-14397)\n\nIt was discovered that LibVNCServer did not properly reset incorrectly \nterminated TCP connections. A remote attacker could possibly use this \nissue to cause an infinite loop, resulting in a denial of service. \n(CVE-2020-14398)\n\nIt was discovered that LibVNCServer did not properly access byte-aligned \ndata. A remote attacker could possibly use this issue to cause \nLibVNCServer to crash, resulting in a denial of service. (CVE-2020-14399, \nCVE-2020-14400)\n\nIt was discovered that LibVNCServer incorrectly handled screen scaling on \nthe server side. A remote attacker could use this issue to cause \nLibVNCServer to crash, resulting in a denial of service, or possibly \nexecute arbitrary code. (CVE-2020-14401)\n\nIt was discovered that LibVNCServer incorrectly handled encodings. A \nremote attacker could use this issue to cause LibVNCServer to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2020-14402, CVE-2020-14403, CVE-2020-14404)\n\nIt was discovered that LibVNCServer incorrectly handled TextChat messages. \nA remote attacker could possibly use this issue to cause LibVNCServer to \ncrash, resulting in a denial of service. (CVE-2020-14405)", "edition": 2, "modified": "2020-07-23T00:00:00", "published": "2020-07-23T00:00:00", "id": "USN-4434-1", "href": "https://ubuntu.com/security/notices/USN-4434-1", "title": "LibVNCServer vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-10-07T19:02:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14404", "CVE-2019-15681", "CVE-2018-7225", "CVE-2020-14397", "CVE-2014-6053", "CVE-2020-14403", "CVE-2020-14402"], "description": "Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText \nmessages. A remote attacker could use this issue to cause the server to \ncrash, resulting in a denial of service. (CVE-2014-6053)\n\nIt was discovered that Vino incorrectly handled certain packet lengths. A \nremote attacker could possibly use this issue to obtain sensitive \ninformation, cause a denial of service, or execute arbitrary code. \n(CVE-2018-7225)\n\nPavel Cheremushkin discovered that an information disclosure vulnerability \nexisted in Vino when sending a ServerCutText message. An attacker could \npossibly use this issue to expose sensitive information. (CVE-2019-15681)\n\nIt was discovered that Vino incorrectly handled region clipping. A remote \nattacker could possibly use this issue to cause Vino to crash, resulting in \na denial of service. (CVE-2020-14397)\n\nIt was discovered that Vino incorrectly handled encodings. A remote \nattacker could use this issue to cause Vino to crash, resulting in a denial \nof service, or possibly execute arbitrary code. (CVE-2020-14402, \nCVE-2020-14403, CVE-2020-14404)", "edition": 1, "modified": "2020-10-07T00:00:00", "published": "2020-10-07T00:00:00", "id": "USN-4573-1", "href": "https://ubuntu.com/security/notices/USN-4573-1", "title": "Vino vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T15:31:56", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922", "CVE-2019-15681", "CVE-2019-20788", "CVE-2019-15680", "CVE-2019-15690"], "description": "It was discovered that LibVNCServer incorrectly handled decompressing data. An \nattacker could possibly use this issue to cause LibVNCServer to crash, \nresulting in a denial of service. (CVE-2019-15680)\n\nIt was discovered that an information disclosure vulnerability existed in \nLibVNCServer when sending a ServerCutText message. An attacker could possibly \nuse this issue to expose sensitive information. This issue only affected \nUbuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681)\n\nIt was discovered that LibVNCServer incorrectly handled cursor shape updates. \nIf a user were tricked in to connecting to a malicious server, an attacker \ncould possibly use this issue to cause LibVNCServer to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. This issue only \naffected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. \n(CVE-2019-15690, CVE-2019-20788)\n\nIt was discovered that LibVNCServer incorrectly handled decoding WebSocket \nframes. An attacker could possibly use this issue to cause LibVNCServer to \ncrash, resulting in a denial of service, or possibly execute arbitrary code. \nThis issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. \n(CVE-2017-18922)", "edition": 1, "modified": "2020-07-01T00:00:00", "published": "2020-07-01T00:00:00", "id": "USN-4407-1", "href": "https://ubuntu.com/security/notices/USN-4407-1", "title": "LibVNCServer vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "virtuozzo": [{"lastseen": "2020-08-19T20:43:27", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14405", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2019-20840", "CVE-2020-14398", "CVE-2020-14402", "CVE-2020-14396"], "description": "The Hotfix 2 for Virtuozzo Hybrid Server 7.0 Update 14 provides security, stability, and usability bug fixes.\n**Vulnerability id:** PSBM-106197, CVE-2019-20839, CVE-2019-20840, CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405\nFixed multiple vulnerabilities in libvncserver by applying upstream fixes.\n\n", "edition": 2, "modified": "2020-08-19T00:00:00", "published": "2020-08-19T00:00:00", "id": "VZA-2020-058", "href": "https://help.virtuozzo.com/s/article/VZA-2020-058", "title": "Product update: Virtuozzo Hybrid Server 7.0 Update 14 Hotfix 2 (7.0.14-258)", "type": "virtuozzo", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922", "CVE-2018-21247", "CVE-2019-20839", "CVE-2019-20840"], "description": "LibVNCServer makes writing a VNC server (or more correctly, a program expor ting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata. ", "modified": "2020-07-16T01:14:52", "published": "2020-07-16T01:14:52", "id": "FEDORA:B317E30AF620", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: libvncserver-0.9.13-2.fc32", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922", "CVE-2018-21247", "CVE-2019-20839"], "description": "LibVNCServer makes writing a VNC server (or more correctly, a program expor ting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata. ", "modified": "2020-07-15T01:12:04", "published": "2020-07-15T01:12:04", "id": "FEDORA:66EDC30FF7B3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: libvncserver-0.9.13-2.fc31", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:25:41", "description": "An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-17T16:15:00", "title": "CVE-2018-21247", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21247"], "modified": "2020-07-24T18:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:opensuse:leap:15.2", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2018-21247", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-21247", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:50", "description": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-17T16:15:00", "title": "CVE-2019-20840", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20840"], "modified": "2020-07-28T02:15:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:opensuse:leap:15.2"], "id": "CVE-2019-20840", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20840", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:07", "description": "** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly \"no trust boundary crossed.\"", "edition": 14, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-17T16:15:00", "title": "CVE-2020-14399", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14399"], "modified": "2020-08-29T00:15:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:opensuse:leap:15.2"], "id": "CVE-2020-14399", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14399", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:07", "description": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.", "edition": 15, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2020-06-17T16:15:00", "title": "CVE-2020-14402", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14402"], "modified": "2020-10-14T19:15:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:opensuse:leap:15.2"], "id": "CVE-2020-14402", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14402", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:07", "description": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.", "edition": 14, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2020-06-17T16:15:00", "title": "CVE-2020-14401", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14401"], "modified": "2020-08-29T00:15:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:opensuse:leap:15.2"], "id": "CVE-2020-14401", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14401", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:07", "description": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.", "edition": 13, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-17T16:15:00", "title": "CVE-2020-14397", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14397"], "modified": "2020-10-14T19:15:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:opensuse:leap:15.2"], "id": "CVE-2020-14397", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14397", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:07", "description": "** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary.", "edition": 14, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-17T16:15:00", "title": "CVE-2020-14400", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14400"], "modified": "2020-08-29T00:15:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:opensuse:leap:15.2"], "id": "CVE-2020-14400", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14400", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:30", "description": "It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.", "edition": 12, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-30T11:15:00", "title": "CVE-2017-18922", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18922"], "modified": "2020-07-24T18:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:opensuse:leap:15.1", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:opensuse:leap:15.2", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2017-18922", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18922", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:50", "description": "libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.", "edition": 14, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-17T16:15:00", "title": "CVE-2019-20839", "type": "cve", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20839"], "modified": "2020-08-29T00:15:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:opensuse:leap:15.2", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2019-20839", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20839", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:07", "description": "An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-17T16:15:00", "title": "CVE-2020-14398", "type": "cve", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14398"], "modified": "2020-07-28T02:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1", "cpe:/o:opensuse:leap:15.2"], "id": "CVE-2020-14398", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14398", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2020-08-12T01:04:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14405", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2020-14402"], "description": "Package : libvncserver\nVersion : 0.9.9+dfsg2-6.1+deb8u8\nCVE ID : CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400 \n CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 \n CVE-2020-14405\nDebian Bug : \n\n\nSeveral vulnerabilities have been discovered in libVNC (libvncserver Debian package), an\nimplemenantation of the VNC server and client protocol.\n\nCVE-2019-20839\n\n libvncclient/sockets.c in LibVNCServer had a buffer overflow via a\n long socket filename.\n\nCVE-2020-14397\n\n libvncserver/rfbregion.c had a NULL pointer dereference.\n\nCVE-2020-14399\n\n Byte-aligned data was accessed through uint32_t pointers in\n libvncclient/rfbproto.c.\n\nCVE-2020-14400\n\n Byte-aligned data was accessed through uint16_t pointers in\n libvncserver/translate.c.\n\nCVE-2020-14401\n\n libvncserver/scale.c had a pixel_value integer overflow.\n\nCVE-2020-14402\n\n libvncserver/corre.c allowed out-of-bounds access via encodings.\n\nCVE-2020-14403\n\n libvncserver/hextile.c allowed out-of-bounds access via encodings.\n\nCVE-2020-14404\n\n libvncserver/rre.c allowed out-of-bounds access via encodings.\n\nCVE-2020-14405\n\n libvncclient/rfbproto.c does not limit TextChat size.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n0.9.9+dfsg2-6.1+deb8u8.\n\nWe recommend that you upgrade your libvncserver packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 6, "modified": "2020-06-30T09:30:01", "published": "2020-06-30T09:30:01", "id": "DEBIAN:DLA-2264-1:C112C", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202006/msg00035.html", "title": "[SECURITY] [DLA 2264-1] libvncserver security update", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-09-03T01:05:29", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14405", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2020-14402"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2347-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Mike Gabriel\nAugust 28, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : libvncserver\nVersion : 0.9.11+dfsg-1.3~deb9u5\nCVE ID : CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400 \n CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 \n CVE-2020-14405\n\nSeveral minor vulnerabilities have been discovered in libvncserver, a\nserver and client implementation of the VNC protocol.\n\nCVE-2019-20839\n\n libvncclient/sockets.c in LibVNCServer had a buffer overflow via a\n long socket filename.\n\nCVE-2020-14397\n\n libvncserver/rfbregion.c has a NULL pointer dereference.\n\nCVE-2020-14399\n\n Byte-aligned data was accessed through uint32_t pointers in\n libvncclient/rfbproto.c.\n\n NOTE: This issue has been disputed by third parties; there is\n reportedly "no trust boundary crossed".\n\nCVE-2020-14400\n\n Byte-aligned data was accessed through uint16_t pointers in\n libvncserver/translate.c.\n\n NOTE: This issue has been disputed by third parties. There is no\n known path of exploitation or cross of a trust boundary.\n\nCVE-2020-14401\n\n libvncserver/scale.c had a pixel_value integer overflow.\n\nCVE-2020-14402\n\n libvncserver/corre.c allowed out-of-bounds access via encodings.\n\nCVE-2020-14403\n\n libvncserver/hextile.c allowed out-of-bounds access via encodings.\n\nCVE-2020-14404\n\n libvncserver/rre.c allowed out-of-bounds access via encodings.\n\nCVE-2020-14405\n\n libvncclient/rfbproto.c did not limit TextChat size.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.9.11+dfsg-1.3~deb9u5.\n\nWe recommend that you upgrade your libvncserver packages.\n\nFor the detailed security status of libvncserver please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libvncserver\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 3, "modified": "2020-08-28T21:46:21", "published": "2020-08-28T21:46:21", "id": "DEBIAN:DLA-2347-1:E5BCB", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202008/msg00045.html", "title": "[SECURITY] [DLA 2347-1] libvncserver security update", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2020-08-08T12:16:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14405", "CVE-2020-14404", "CVE-2020-14397", "CVE-2020-14399", "CVE-2020-14400", "CVE-2020-14401", "CVE-2020-14403", "CVE-2019-20839", "CVE-2020-14402"], "description": "The remote host is missing an update for the ", "modified": "2020-07-02T00:00:00", "published": "2020-07-01T00:00:00", "id": "OPENVAS:1361412562310892264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892264", "type": "openvas", "title": "Debian LTS: Security Advisory for libvncserver (DLA-2264-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892264\");\n script_version(\"2020-07-02T07:03:33+0000\");\n script_cve_id(\"CVE-2019-20839\", \"CVE-2020-14397\", \"CVE-2020-14399\", \"CVE-2020-14400\", \"CVE-2020-14401\", \"CVE-2020-14402\", \"CVE-2020-14403\", \"CVE-2020-14404\", \"CVE-2020-14405\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-02 07:03:33 +0000 (Thu, 02 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-01 03:02:32 +0000 (Wed, 01 Jul 2020)\");\n script_name(\"Debian LTS: Security Advisory for libvncserver (DLA-2264-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2264-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvncserver'\n package(s) announced via the DLA-2264-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in libVNC (libvncserver Debian package), an\nimplemenantation of the VNC server and client protocol.\n\nCVE-2019-20839\n\nlibvncclient/sockets.c in LibVNCServer had a buffer overflow via a\nlong socket filename.\n\nCVE-2020-14397\n\nlibvncserver/rfbregion.c had a NULL pointer dereference.\n\nCVE-2020-14399\n\nByte-aligned data was accessed through uint32_t pointers in\nlibvncclient/rfbproto.c.\n\nCVE-2020-14400\n\nByte-aligned data was accessed through uint16_t pointers in\nlibvncserver/translate.c.\n\nCVE-2020-14401\n\nlibvncserver/scale.c had a pixel_value integer overflow.\n\nCVE-2020-14402\n\nlibvncserver/corre.c allowed out-of-bounds access via encodings.\n\nCVE-2020-14403\n\nlibvncserver/hextile.c allowed out-of-bounds access via encodings.\n\nCVE-2020-14404\n\nlibvncserver/rre.c allowed out-of-bounds access via encodings.\n\nCVE-2020-14405\n\nlibvncclient/rfbproto.c does not limit TextChat size.\");\n\n script_tag(name:\"affected\", value:\"'libvncserver' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n0.9.9+dfsg2-6.1+deb8u8.\n\nWe recommend that you upgrade your libvncserver packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libvncclient0\", ver:\"0.9.9+dfsg2-6.1+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvncclient0-dbg\", ver:\"0.9.9+dfsg2-6.1+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvncserver-config\", ver:\"0.9.9+dfsg2-6.1+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvncserver-dev\", ver:\"0.9.9+dfsg2-6.1+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvncserver0\", ver:\"0.9.9+dfsg2-6.1+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvncserver0-dbg\", ver:\"0.9.9+dfsg2-6.1+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linuxvnc\", ver:\"0.9.9+dfsg2-6.1+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-07-21T20:03:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18922", "CVE-2019-15681", "CVE-2019-20788", "CVE-2019-15680", "CVE-2019-15690"], "description": "The remote host is missing an update for the ", "modified": "2020-07-09T00:00:00", "published": "2020-07-03T00:00:00", "id": "OPENVAS:1361412562310844487", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844487", "type": "openvas", "title": "Ubuntu: Security Advisory for libvncserver (USN-4407-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844487\");\n script_version(\"2020-07-09T12:15:58+0000\");\n script_cve_id(\"CVE-2019-15680\", \"CVE-2019-15681\", \"CVE-2019-15690\", \"CVE-2019-20788\", \"CVE-2017-18922\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-09 12:15:58 +0000 (Thu, 09 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 03:01:49 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Ubuntu: Security Advisory for libvncserver (USN-4407-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS|UBUNTU20\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4407-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-July/005495.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvncserver'\n package(s) announced via the USN-4407-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that LibVNCServer incorrectly handled decompressing\ndata. An\nattacker could possibly use this issue to cause LibVNCServer to crash,\nresulting in a denial of service. (CVE-2019-15680)\n\nIt was discovered that an information disclosure vulnerability existed in\nLibVNCServer when sending a ServerCutText message. An attacker could\npossibly\nuse this issue to expose sensitive information. This issue only affected\nUbuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681)\n\nIt was discovered that LibVNCServer incorrectly handled cursor shape\nupdates.\nIf a user were tricked in to connecting to a malicious server, an attacker\ncould possibly use this issue to cause LibVNCServer to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS.\n(CVE-2019-15690, CVE-2019-20788)\n\nIt was discovered that LibVNCServer incorrectly handled decoding WebSocket\nframes. An attacker could possibly use this issue to cause LibVNCServer to\ncrash, resulting in a denial of service, or possibly execute arbitrary code.\nThis issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu\n16.04 LTS.\n(CVE-2017-18922)\");\n\n script_tag(name:\"affected\", value:\"'libvncserver' package(s) on Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvncclient1\", ver:\"0.9.11+dfsg-1.3ubuntu0.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvncserver1\", ver:\"0.9.11+dfsg-1.3ubuntu0.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvncclient1\", ver:\"0.9.11+dfsg-1ubuntu1.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvncserver1\", ver:\"0.9.11+dfsg-1ubuntu1.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvncclient1\", ver:\"0.9.10+dfsg-3ubuntu0.16.04.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvncserver1\", ver:\"0.9.10+dfsg-3ubuntu0.16.04.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU20.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvncclient1\", ver:\"0.9.12+dfsg-9ubuntu0.1\", rls:\"UBUNTU20.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvncserver1\", ver:\"0.9.12+dfsg-9ubuntu0.1\", rls:\"UBUNTU20.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-09-01T16:08:49", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922"], "description": "LibVNCServer is a C library that enables you to implement VNC server functionality into own programs.\n\nSecurity Fix(es):\n\n* libvncserver: websocket decoding buffer overflow (CVE-2017-18922)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-09-01T18:47:55", "published": "2020-09-01T18:41:42", "id": "RHSA-2020:3588", "href": "https://access.redhat.com/errata/RHSA-2020:3588", "type": "redhat", "title": "(RHSA-2020:3588) Important: libvncserver security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-10T16:06:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922"], "description": "LibVNCServer is a C library that enables you to implement VNC server functionality into own programs.\n\nSecurity Fix(es):\n\n* libvncserver: websocket decoding buffer overflow (CVE-2017-18922)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-10T18:06:28", "published": "2020-08-10T17:51:34", "id": "RHSA-2020:3385", "href": "https://access.redhat.com/errata/RHSA-2020:3385", "type": "redhat", "title": "(RHSA-2020:3385) Important: libvncserver security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-17T14:05:35", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922"], "description": "LibVNCServer is a C library that enables you to implement VNC server functionality into own programs.\n\nSecurity Fix(es):\n\n* libvncserver: websocket decoding buffer overflow (CVE-2017-18922)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-17T17:05:50", "published": "2020-08-17T16:54:38", "id": "RHSA-2020:3456", "href": "https://access.redhat.com/errata/RHSA-2020:3456", "type": "redhat", "title": "(RHSA-2020:3456) Important: libvncserver security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-03T14:05:58", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922"], "description": "LibVNCServer is a C library that enables you to implement VNC server functionality into own programs.\n\nSecurity Fix(es):\n\n* libvncserver: websocket decoding buffer overflow (CVE-2017-18922)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-03T17:19:33", "published": "2020-08-03T17:09:40", "id": "RHSA-2020:3281", "href": "https://access.redhat.com/errata/RHSA-2020:3281", "type": "redhat", "title": "(RHSA-2020:3281) Important: libvncserver security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-08-04T19:37:39", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922"], "description": "[0.9.9-14.1]\n- Fix CVE-2017-18922\n Resolves: #1852509", "edition": 2, "modified": "2020-08-04T00:00:00", "published": "2020-08-04T00:00:00", "id": "ELSA-2020-3281", "href": "http://linux.oracle.com/errata/ELSA-2020-3281.html", "title": "libvncserver security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-11T03:44:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922"], "description": "[0.9.11-15.1]\n- Fix NVR\n Related: #1852356\n[0.9.11-15]\n- Fix CVE-2017-18922\n Resolves: #1852356", "edition": 1, "modified": "2020-08-10T00:00:00", "published": "2020-08-10T00:00:00", "id": "ELSA-2020-3385", "href": "http://linux.oracle.com/errata/ELSA-2020-3385.html", "title": "libvncserver security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-08-07T17:42:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18922"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3281\n\n\nLibVNCServer is a C library that enables you to implement VNC server functionality into own programs.\n\nSecurity Fix(es):\n\n* libvncserver: websocket decoding buffer overflow (CVE-2017-18922)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-August/035790.html\n\n**Affected packages:**\nlibvncserver\nlibvncserver-devel\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-08-07T12:28:23", "published": "2020-08-07T12:28:23", "id": "CESA-2020:3281", "href": "http://lists.centos.org/pipermail/centos-announce/2020-August/035790.html", "title": "libvncserver security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
