ID: USN-2365-1
Type: ubuntu
Reporter: Ubuntu
Modified: 2014-09-29T00:00:00

Description
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)

Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)

Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a denial of service. (CVE-2014-6054)

Nicolas Ruff discovered that LibVNCServer incorrectly handled memory in the
file transfer feature. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2014-6055)

{"id": "USN-2365-1", "bulletinFamily": "unix", "title": "LibVNCServer vulnerabilities", "description": "Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when \nbeing advertised large screen sizes by the server. If a user were tricked \ninto connecting to a malicious server, an attacker could use this issue to \ncause a denial of service, or possibly execute arbitrary code. \n(CVE-2014-6051, CVE-2014-6052)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled large \nClientCutText messages. A remote attacker could use this issue to cause a \nserver to crash, resulting in a denial of service. (CVE-2014-6053)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling \nfactor values. A remote attacker could use this issue to cause a server to \ncrash, resulting in a denial of service. (CVE-2014-6054)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled memory in the \nfile transfer feature. A remote attacker could use this issue to cause a \nserver to crash, resulting in a denial of service, or possibly execute \narbitrary code. 
(CVE-2014-6055)", "published": "2014-09-29T00:00:00", "modified": "2014-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://ubuntu.com/security/notices/USN-2365-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6055", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6053", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6052", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6054", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6051"], "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "type": "ubuntu", "lastseen": "2020-07-02T11:43:02", "edition": 5, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201410-10"]}, {"type": "centos", "idList": ["CESA-2014:1826", "CESA-2014:1827"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868357", "OPENVAS:1361412562310123255", "OPENVAS:703081", "OPENVAS:1361412562310871289", "OPENVAS:1361412562310121388", "OPENVAS:1361412562310882081", "OPENVAS:1361412562310703081", "OPENVAS:1361412562310841989", "OPENVAS:1361412562310882078", "OPENVAS:1361412562310868369"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13979", "SECURITYVULNS:DOC:31107"]}, {"type": "nessus", "idList": ["SUSE_SU-2015-2088-1.NASL", "UBUNTU_USN-2365-1.NASL", "GENTOO_GLSA-201507-07.NASL", "DEBIAN_DSA-3081.NASL", "DEBIAN_DLA-197.NASL", "FREEBSD_PKG_CB3F036D8C7F11E6924A60A44CE6887B.NASL", "SUSE_SU-2015-2110-1.NASL", "CENTOS_RHSA-2014-1826.NASL", "SUSE_SU-2015-2088-2.NASL", "MANDRIVA_MDVSA-2014-229.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1979-1:545C6", "DEBIAN:DLA-197-1:6E481", "DEBIAN:DLA-2014-1:AEDFD", "DEBIAN:DSA-3081-1:24750", "DEBIAN:DLA-2045-1:3847F"]}, {"type": "redhat", "idList": ["RHSA-2014:1827", "RHSA-2015:0113", "RHSA-2014:1826"]}, {"type": "freebsd", "idList": 
["FB25333D-442F-11E4-98F3-5453ED2E2B49", "CB3F036D-8C7F-11E6-924A-60A44CE6887B"]}, {"type": "gentoo", "idList": ["GLSA-201507-07", "GLSA-201612-36"]}, {"type": "cve", "idList": ["CVE-2014-6051", "CVE-2014-6053", "CVE-2014-6052", "CVE-2014-6055", "CVE-2014-6054"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1827", "ELSA-2014-1826"]}, {"type": "ubuntu", "idList": ["USN-4587-1", "USN-4573-1"]}], "modified": "2020-07-02T11:43:02", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2020-07-02T11:43:02", "rev": 2}, "vulnersScore": 7.5}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvncserver0", "packageVersion": "0.9.9+dfsg-1ubuntu1.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvncserver0", "packageVersion": "0.9.8.2-2ubuntu1.1"}], "scheme": null}
{"freebsd": [{"lastseen": "2019-05-29T18:32:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "\nNicolas Ruff reports:\n\nInteger overflow in MallocFrameBuffer() on client side.\nLack of malloc() return value checking on client side.\nServer crash on a very large ClientCutText message.\nServer crash when scaling factor is set to zero.\nMultiple stack overflows in File Transfer feature.\n\n", "edition": 5, "modified": "2016-10-18T00:00:00", "published": "2014-09-23T00:00:00", "id": "CB3F036D-8C7F-11E6-924A-60A44CE6887B", "href": "https://vuxml.freebsd.org/freebsd/cb3f036d-8c7f-11e6-924a-60a44ce6887b.html", "title": "libvncserver -- multiple security vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:24", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6055"], "description": "\nMartin Sandsmark reports:\n\nkrfb 4.14 [and earlier] embeds libvncserver which has had\n\t several security issues.\nSeveral remotely exploitable security issues have been\n\t uncovered in libvncserver, some of which might allow a\n\t remote authenticated user code execution or application\n\t crashes.\n\n", "edition": 4, "modified": "2014-09-23T00:00:00", "published": "2014-09-23T00:00:00", "id": "FB25333D-442F-11E4-98F3-5453ED2E2B49", "href": "https://vuxml.freebsd.org/freebsd/fb25333d-442f-11e4-98f3-5453ed2e2b49.html", "title": "krfb -- Multiple security issues in bundled libvncserver", "type": "freebsd", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-07-17T03:28:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "**CentOS Errata and Security Advisory** CESA-2014:1826\n\n\nLibVNCServer is a library that allows for easy creation of VNC server or\nclient functionality.\n\nAn 
integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way screen sizes were handled by LibVNCServer. A malicious VNC\nserver could use this flaw to cause a client to crash or, potentially,\nexecute arbitrary code in the client. (CVE-2014-6051)\n\nA NULL pointer dereference flaw was found in LibVNCServer's framebuffer\nsetup. A malicious VNC server could use this flaw to cause a VNC client to\ncrash. (CVE-2014-6052)\n\nA NULL pointer dereference flaw was found in the way LibVNCServer handled\ncertain ClientCutText message. A remote attacker could use this flaw to\ncrash the VNC server by sending a specially crafted ClientCutText message\nfrom a VNC client. (CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the scaling\nfactor when it was set to \"0\". A remote attacker could use this flaw to\ncrash the VNC server using a malicious VNC client. (CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way LibVNCServer\nhandled file transfers. A remote attacker could use this flaw to crash the\nVNC server using a malicious VNC client. (CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
All running\napplications linked against libvncserver must be restarted for this update\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/032785.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/032796.html\n\n**Affected packages:**\nlibvncserver\nlibvncserver-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1826.html", "edition": 5, "modified": "2014-11-12T12:51:19", "published": "2014-11-11T18:36:28", "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/032785.html", "id": "CESA-2014:1826", "title": "libvncserver security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:27:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6054"], "description": "**CentOS Errata and Security Advisory** CESA-2014:1827\n\n\nThe kdenetwork packages contain networking applications for the K Desktop\nEnvironment (KDE). Krfb Desktop Sharing, which is a part of the kdenetwork\npackage, is a server application that allows session sharing between users.\nKrfb uses the LibVNCServer library.\n\nA NULL pointer dereference flaw was found in the way LibVNCServer handled\ncertain ClientCutText message. A remote attacker could use this flaw to\ncrash the VNC server by sending a specially crafted ClientCutText message\nfrom a VNC client. (CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the scaling\nfactor when it was set to \"0\". A remote attacker could use this flaw to\ncrash the VNC server using a malicious VNC client. (CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way LibVNCServer\nhandled file transfers. A remote attacker could use this flaw to crash the\nVNC server using a malicious VNC client. (CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. 
oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nNote: Prior to this update, the kdenetwork packages used an embedded copy\nof the LibVNCServer library. With this update, the kdenetwork packages have\nbeen modified to use the system LibVNCServer packages. Therefore, the\nupdate provided by RHSA-2014:1826 must be installed to fully address the\nissues in krfb described above.\n\nAll kdenetwork users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of the krfb server must be restarted for this update to take\neffect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/032791.html\n\n**Affected packages:**\nkdenetwork\nkdenetwork-common\nkdenetwork-devel\nkdenetwork-fileshare-samba\nkdenetwork-kdnssd\nkdenetwork-kget\nkdenetwork-kget-libs\nkdenetwork-kopete\nkdenetwork-kopete-devel\nkdenetwork-kopete-libs\nkdenetwork-krdc\nkdenetwork-krdc-devel\nkdenetwork-krdc-libs\nkdenetwork-krfb\nkdenetwork-krfb-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1827.html", "edition": 3, "modified": "2014-11-12T09:44:41", "published": "2014-11-12T09:44:41", "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/032791.html", "id": "CESA-2014:1827", "title": "kdenetwork security update", "type": "centos", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "\r\n\r\n#2014-007 libvncserver multiple issues\r\n\r\nDescription:\r\n\r\nVirtual Network Computing (VNC) is a graphical sharing system based on the\r\nRemote Frame Buffer (RFB) protocol.\r\n\r\nThe LibVNCServer project, an open source library for implementing VNC\r\ncompliant communication, suffers from a number of bugs that 
can be potentially\r\nexploited with security impact.\r\n\r\nVarious implementation issues resulting in remote code execution and/or DoS\r\nconditions on both the VNC server and client side have been discovered.\r\n\r\n 1. A malicious VNC server can trigger incorrect memory management\r\n handling by advertising a large screen size parameter to the VNC\r\n client. This would result in multiple memory corruptions and could\r\n allow remote code execution on the VNC client.\r\n\r\n 2. A malicious VNC client can trigger multiple DoS conditions on the VNC\r\n server by advertising a large screen size, ClientCutText message\r\n length and/or a zero scaling factor parameter.\r\n\r\n 3. A malicious VNC client can trigger multiple stack-based buffer\r\n overflows by passing a long file and directory names and/or attributes\r\n (FileTime) when using the file transfer message feature.\r\n\r\nIt should be noted that every described issue represents a post-authentication\r\nbug, therefore the server side conditions can be anonymously leveraged only if\r\nthe VNC server is configured to allow unauthenticated sessions.\r\n\r\nAffected version:\r\n\r\nLibVNCServer <= 0.9.9\r\n\r\nFixed version:\r\n\r\nLibVNCServer, N/A\r\n\r\nCredit: vulnerability report received from Nicolas Ruff\r\n of Google Security Team <nruff AT google.com>.\r\n\r\nCVE: CVE-2014-6051 (1), CVE-2014-6052 (1), CVE-2014-6053 (2),\r\n CVE-2014-6054 (2), CVE-2014-6055 (3)\r\n\r\nTimeline:\r\n\r\n2014-09-05: vulnerability report received\r\n2014-09-16: contacted affected vendors\r\n2014-09-22: contacted additional affected vendors\r\n2014-09-25: advisory release\r\n\r\nReferences:\r\n(1) https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273\r\n(2) https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28\r\n(2) https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446\r\n(3) 
https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e\r\n(3) https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677\r\n\r\nPermalink:\r\nhttp://www.ocert.org/advisories/ocert-2014-007.html\r\n\r\n-- Andrea Barisani | Founder & Project Coordinator oCERT | OSS Computer Security Incident Response Team <lcars@ocert.org> http://www.ocert.org 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E "Pluralitas non est ponenda sine necessitate"\r\n\r\n", "edition": 1, "modified": "2014-09-29T00:00:00", "published": "2014-09-29T00:00:00", "id": "SECURITYVULNS:DOC:31107", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31107", "title": "[oCERT-2014-007] libvncserver multiple issues", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "Buffer overflows, memory corruptions, DoS.", "edition": 1, "modified": "2014-09-29T00:00:00", "published": "2014-09-29T00:00:00", "id": "SECURITYVULNS:VULN:13979", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13979", "title": "libvncserver multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:29", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "edition": 1, "description": "### Background\n\nLibVNCServer is a cross-platform C library that allows you to easily implement VNC server functionality in your program. \n\n### Description\n\nMultiple vulnerabilities have been discovered in LibVNCServer. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll LibVNCServer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/libvncserver-0.9.10-r1\"", "modified": "2015-07-07T00:00:00", "published": "2015-07-07T00:00:00", "id": "GLSA-201507-07", "href": "https://security.gentoo.org/glsa/201507-07", "type": "gentoo", "title": "LibVNCServer: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-12-13T09:58:27", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8240", "CVE-2014-6051"], "edition": 1, "description": "### Background\n\nTigerVNC is a high-performance VNC server/client.\n\n### Description\n\nTigerVNC is impacted by the same vulnerability as found in CVE-2014-6051. An integer overflow, leading to a heap-based buffer overflow, was found in the way screen sizes were handled. \n\n### Impact\n\nA remote attacker, utilizing a malicious VNC server, could execute arbitrary code with the privileges of the user running the client, or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll TigerVNC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/tigervnc-1.4.2\"", "modified": "2016-12-13T00:00:00", "published": "2016-12-13T00:00:00", "href": "https://security.gentoo.org/glsa/201612-36", "id": "GLSA-201612-36", "title": "TigerVNC: Integer overflow", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:28:21", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "Package : libvncserver\nVersion : 0.9.7-2+deb6u1\nCVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 \n CVE-2014-6055\nDebian Bug : 762745\n\nSeveral vulnerabilities have been discovered in libvncserver, a library to\nimplement VNC server functionality. These vulnerabilities might result in\nthe execution of arbitrary code or denial of service in both the client\nand the server side.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.9.7-2+deb6u1.\n\nThis update has been prepared by Nguyen Cong.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 3, "modified": "2015-04-14T16:06:09", "published": "2015-04-14T16:06:09", "id": "DEBIAN:DLA-197-1:6E481", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00011.html", "title": "[SECURITY] [DLA 197-1] libvncserver security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:54", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], 
"description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3081-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nNovember 29, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libvncserver\nCVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054\n CVE-2014-6055\nDebian Bug : 762745\n\nSeveral vulnerabilities have been discovered in libvncserver, a library to \nimplement VNC server functionality. These vulnerabilities might result in the \nexecution of arbitrary code or denial of service in both the client and the \nserver side.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.9.9+dfsg-1+deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.9.9+dfsg-6.1.\n\nWe recommend that you upgrade your libvncserver packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-11-29T15:58:55", "published": "2014-11-29T15:58:55", "id": "DEBIAN:DSA-3081-1:24750", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00271.html", "title": "[SECURITY] [DSA 3081-1] libvncserver security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:02:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20022", "CVE-2018-20020", "CVE-2016-9941", "CVE-2018-15126", "CVE-2019-15681", "CVE-2018-7225", "CVE-2018-20021", "CVE-2018-15127", "CVE-2014-6053", "CVE-2018-20750", "CVE-2018-20024", "CVE-2018-20749", "CVE-2018-6307", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2018-20019", "CVE-2016-9942", "CVE-2018-20748", 
"CVE-2014-6054", "CVE-2018-20023"], "description": "Package : italc\nVersion : 1:2.0.2+dfsg1-2+deb8u1\nCVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054\n CVE-2014-6055 CVE-2016-9941 CVE-2016-9942 CVE-2018-6307\n CVE-2018-7225 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019\n CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023\n CVE-2018-20024 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750\n CVE-2019-15681\n\n\nSeveral vulnerabilities have been identified in the VNC code of iTALC, a\nclassroom management software. All vulnerabilities referenced below are\nissues that have originally been reported against Debian source package\nlibvncserver. The italc source package in Debian ships a custom-patched\nversion of libvncserver, thus libvncserver's security fixes required\nporting over.\n\nCVE-2014-6051\n\n Integer overflow in the MallocFrameBuffer function in vncviewer.c in\n LibVNCServer allowed remote VNC servers to cause a denial of service\n (crash) and possibly executed arbitrary code via an advertisement for\n a large screen size, which triggered a heap-based buffer overflow.\n\nCVE-2014-6052\n\n The HandleRFBServerMessage function in libvncclient/rfbproto.c in\n LibVNCServer did not check certain malloc return values, which\n allowed remote VNC servers to cause a denial of service (application\n crash) or possibly execute arbitrary code by specifying a large\n screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3)\n PalmVNCReSizeFrameBuffer message.\n\nCVE-2014-6053\n\n The rfbProcessClientNormalMessage function in\n libvncserver/rfbserver.c in LibVNCServer did not properly handle\n attempts to send a large amount of ClientCutText data, which allowed\n remote attackers to cause a denial of service (memory consumption or\n daemon crash) via a crafted message that was processed by using a\n single unchecked malloc.\n\nCVE-2014-6054\n\n The rfbProcessClientNormalMessage function in\n libvncserver/rfbserver.c in LibVNCServer allowed 
remote attackers to\n cause a denial of service (divide-by-zero error and server crash) via\n a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or\n (2) SetScale message.\n\nCVE-2014-6055\n\n Multiple stack-based buffer overflows in the File Transfer feature in\n rfbserver.c in LibVNCServer allowed remote authenticated users to\n cause a denial of service (crash) and possibly execute arbitrary code\n via a (1) long file or (2) directory name or the (3) FileTime\n attribute in a rfbFileTransferOffer message.\n\nCVE-2016-9941\n\n Heap-based buffer overflow in rfbproto.c in LibVNCClient in\n LibVNCServer allowed remote servers to cause a denial of service\n (application crash) or possibly execute arbitrary code via a crafted\n FramebufferUpdate message containing a subrectangle outside of the\n client drawing area.\n\nCVE-2016-9942\n\n Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer\n allowed remote servers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted\n FramebufferUpdate message with the Ultra type tile, such that the LZO\n payload decompressed length exceeded what is specified by the tile\n dimensions.\n\nCVE-2018-6307\n\n LibVNC contained heap use-after-free vulnerability in server code of\n file transfer extension that can result remote code execution.\n\nCVE-2018-7225\n\n An issue was discovered in LibVNCServer.\n rfbProcessClientNormalMessage() in rfbserver.c did not sanitize\n msg.cct.length, leading to access to uninitialized and potentially\n sensitive data or possibly unspecified other impact (e.g., an integer\n overflow) via specially crafted VNC packets.\n\nCVE-2018-15126\n\n LibVNC contained heap use-after-free vulnerability in server code of\n file transfer extension that can result remote code execution.\n\nCVE-2018-15127\n\n LibVNC contained heap out-of-bound write vulnerability in server code\n of file transfer extension that can result remote code 
execution\n\nCVE-2018-20749\n\n LibVNC contained a heap out-of-bounds write vulnerability in\n libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.\n\nCVE-2018-20750\n\n LibVNC contained a heap out-of-bounds write vulnerability in\n libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.\n\nCVE-2018-20019\n\n LibVNC contained multiple heap out-of-bound write vulnerabilities in\n VNC client code that can result remote code execution\n\nCVE-2018-20748\n\n LibVNC contained multiple heap out-of-bounds write vulnerabilities in\n libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.\n\nCVE-2018-20020\n\n LibVNC contained heap out-of-bound write vulnerability inside\n structure in VNC client code that can result remote code execution\n\nCVE-2018-20021\n\n LibVNC contained a CWE-835: Infinite loop vulnerability in VNC client\n code. Vulnerability allows attacker to consume excessive amount of\n resources like CPU and RAM\n\nCVE-2018-20022\n\n LibVNC contained multiple weaknesses CWE-665: Improper Initialization\n vulnerability in VNC client code that allowed attackers to read stack\n memory and could be abused for information disclosure. Combined with\n another vulnerability, it could be used to leak stack memory layout\n and in bypassing ASLR.\n\nCVE-2018-20023\n\n LibVNC contained CWE-665: Improper Initialization vulnerability in\n VNC Repeater client code that allowed attacker to read stack memory\n and could be abused for information disclosure. Combined with another\n vulnerability, it could be used to leak stack memory layout and in\n bypassing ASLR.\n\nCVE-2018-20024\n\n LibVNC contained null pointer dereference in VNC client code that\n could result DoS.\n\nCVE-2019-15681\n\n LibVNC contained a memory leak (CWE-655) in VNC server code, which\n allowed an attacker to read stack memory and could be abused for\n information disclosure. 
Combined with another vulnerability, it could\n be used to leak stack memory and bypass ASLR. This attack appeared to\n be exploitable via network connectivity.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:2.0.2+dfsg1-2+deb8u1.\n\nWe recommend that you upgrade your italc packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 7, "modified": "2019-10-30T22:21:50", "published": "2019-10-30T22:21:50", "id": "DEBIAN:DLA-1979-1:545C6", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201910/msg00042.html", "title": "[SECURITY] [DLA 1979-1] italc security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-29T22:14:35", "bulletinFamily": "unix", "cvelist": ["CVE-2019-15681", "CVE-2018-7225", "CVE-2014-6053"], "description": "Package : vino\nVersion : 3.14.0-2+deb8u1\nCVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-15681\nDebian Bug : 945784\n\n\nSeveral vulnerabilities have been identified in the VNC code of vino, a\ndesktop sharing utility for the GNOME desktop environment.\n\nThe vulnerabilities referenced below are issues that have originally been\nreported against Debian source package libvncserver. 
The vino source\npackage in Debian ships a custom-patched and stripped down variant of\nlibvncserver, thus some of libvncserver's security fixes required porting\nover.\n\nCVE-2014-6053\n\n The rfbProcessClientNormalMessage function in\n libvncserver/rfbserver.c in LibVNCServer did not properly handle\n attempts to send a large amount of ClientCutText data, which allowed\n remote attackers to cause a denial of service (memory consumption or\n daemon crash) via a crafted message that was processed by using a\n single unchecked malloc.\n\nCVE-2018-7225\n\n An issue was discovered in LibVNCServer.\n rfbProcessClientNormalMessage() in rfbserver.c did not sanitize\n msg.cct.length, leading to access to uninitialized and potentially\n sensitive data or possibly unspecified other impact (e.g., an integer\n overflow) via specially crafted VNC packets.\n\nCVE-2019-15681\n\n LibVNC contained a memory leak (CWE-655) in VNC server code, which\n allowed an attacker to read stack memory and could be abused for\n information disclosure. Combined with another vulnerability, it could\n be used to leak stack memory and bypass ASLR. 
This attack appeared to\n be exploitable via network connectivity.\n\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.14.0-2+deb8u1.\n\nWe recommend that you upgrade your vino packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 1, "modified": "2019-11-29T08:31:28", "published": "2019-11-29T08:31:28", "id": "DEBIAN:DLA-2014-1:AEDFD", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201911/msg00032.html", "title": "[SECURITY] [DLA 2014-1] vino security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:56:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20022", "CVE-2019-8287", "CVE-2018-20020", "CVE-2019-15681", "CVE-2018-7225", "CVE-2018-20021", "CVE-2014-6053", "CVE-2019-15678", "CVE-2019-15680", "CVE-2019-15679", "CVE-2018-20748"], "description": "Package : tightvnc\nVersion : 1.3.9-6.5+deb8u1\nCVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-8287 CVE-2018-20021 \n CVE-2018-20022 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 \n CVE-2019-15681\nDebian Bug : 945364\n\n\nSeveral vulnerabilities have recently been discovered in TightVNC 1.x, an\nX11 based VNC server/viewer application for Windows and Unix.\n\nCVE-2014-6053\n\n The rfbProcessClientNormalMessage function in rfbserver.c in TightVNC\n server did not properly handle attempts to send a large amount of\n ClientCutText data, which allowed remote attackers to cause a denial\n of service (memory consumption or daemon crash) via a crafted message\n that was processed by using a single unchecked malloc.\n\nCVE-2018-7225\n\n 
rfbProcessClientNormalMessage() in rfbserver.c did not sanitize\n msg.cct.length, leading to access to uninitialized and potentially\n sensitive data or possibly unspecified other impact (e.g., an integer\n overflow) via specially crafted VNC packets.\n\nCVE-2019-8287\n\n TightVNC code contained a global buffer overflow in HandleCoRREBBP\n macro function, which could potentially have resulted in code\n execution. This attack appeared to be exploitable via network\n connectivity.\n\n (aka CVE-2018-20020/libvncserver)\n\nCVE-2018-20021\n\n TightVNC in vncviewer/rfbproto.c contained a CWE-835: Infinite loop\n vulnerability. The vulnerability allowed an attacker to consume\n an excessive amount of resources like CPU and RAM.\n\nCVE-2018-20022\n\n TightVNC's vncviewer contained multiple weaknesses CWE-665: Improper\n Initialization vulnerability in VNC client code that allowed\n attackers to read stack memory and could be abused for information\n disclosure. Combined with another vulnerability, it could be used to\n leak stack memory layout and in bypassing ASLR.\n\nCVE-2019-15678\n\n TightVNC code version contained a heap buffer overflow in\n rfbServerCutText handler, which could have potentially resulted in\n code execution. This attack appeared to be exploitable via network\n connectivity.\n\n (partially aka CVE-2018-20748/libvncserver)\n\nCVE-2019-15679\n\n TightVNC's vncviewer code contained a heap buffer overflow in\n InitialiseRFBConnection function, which could have potentially\n resulted in code execution. This attack appeared to be exploitable\n via network connectivity.\n\n (partially aka CVE-2018-20748/libvncserver)\n\nCVE-2019-15680\n\n TightVNC's vncviewer code contained a null pointer dereference in\n HandleZlibBPP function, which could have resulted in Denial of System\n (DoS). 
This attack appeared to be exploitable via network\n connectivity.\n\nCVE-2019-15681\n\n TightVNC contained a memory leak (CWE-655) in VNC server code, which\n allowed an attacker to read stack memory and could have been abused\n for information disclosure. Combined with another vulnerability, it\n could have been used to leak stack memory and bypass ASLR. This\n attack appeared to be exploitable via network connectivity.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.9-6.5+deb8u1.\n\nWe recommend that you upgrade your tightvnc packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 7, "modified": "2019-12-21T16:03:32", "published": "2019-12-21T16:03:32", "id": "DEBIAN:DLA-2045-1:3847F", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201912/msg00028.html", "title": "[SECURITY] [DLA 2045-1] tightvnc security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-11-12T00:00:00", "id": "OPENVAS:1361412562310871289", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871289", "type": "openvas", "title": "RedHat Update for libvncserver RHSA-2014:1826-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libvncserver 
RHSA-2014:1826-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871289\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-12 06:23:43 +0100 (Wed, 12 Nov 2014)\");\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\",\n \"CVE-2014-6055\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for libvncserver RHSA-2014:1826-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvncserver'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"LibVNCServer is a library that allows for easy creation of VNC server or\nclient functionality.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, 
was\nfound in the way screen sizes were handled by LibVNCServer. A malicious VNC\nserver could use this flaw to cause a client to crash or, potentially,\nexecute arbitrary code in the client. (CVE-2014-6051)\n\nA NULL pointer dereference flaw was found in LibVNCServer's framebuffer\nsetup. A malicious VNC server could use this flaw to cause a VNC client to\ncrash. (CVE-2014-6052)\n\nA NULL pointer dereference flaw was found in the way LibVNCServer handled\ncertain ClientCutText message. A remote attacker could use this flaw to\ncrash the VNC server by sending a specially crafted ClientCutText message\nfrom a VNC client. (CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the scaling\nfactor when it was set to '0'. A remote attacker could use this flaw to\ncrash the VNC server using a malicious VNC client. (CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way LibVNCServer\nhandled file transfers. A remote attacker could use this flaw to crash the\nVNC server using a malicious VNC client. (CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications linked against libvncserver must be restarted for this update\nto take effect.\");\n script_tag(name:\"affected\", value:\"libvncserver on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1826-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-November/msg00024.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvncserver\", rpm:\"libvncserver~0.9.9~9.el7_0.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvncserver-debuginfo\", rpm:\"libvncserver-debuginfo~0.9.9~9.el7_0.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvncserver\", rpm:\"libvncserver~0.9.7~7.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvncserver-debuginfo\", rpm:\"libvncserver-debuginfo~0.9.7~7.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "Gentoo Linux Local Security Checks GLSA 201507-07", "modified": 
"2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121388", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201507-07", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201507-07.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121388\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:54 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201507-07\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in LibVNCServer. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201507-07\");\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201507-07\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-libs/libvncserver\", unaffected: make_list(\"ge 0.9.10-r1\"), vulnerable: make_list(\"lt 0.9.10-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "Oracle Linux Local Security Checks ELSA-2014-1826", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123255", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123255", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1826", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n# $Id: ELSA-2014-1826.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123255\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:21 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1826\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1826 - libvncserver security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1826\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1826.html\");\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"libvncserver\", rpm:\"libvncserver~0.9.9~9.el7_0.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libvncserver-devel\", rpm:\"libvncserver-devel~0.9.9~9.el7_0.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libvncserver\", rpm:\"libvncserver~0.9.7~7.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libvncserver-devel\", rpm:\"libvncserver-devel~0.9.7~7.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "Check the version of libvncserver", "modified": "2019-03-08T00:00:00", "published": "2014-11-12T00:00:00", "id": "OPENVAS:1361412562310882078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882078", "type": "openvas", "title": "CentOS Update for libvncserver CESA-2014:1826 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libvncserver CESA-2014:1826 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882078\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-12 06:24:12 +0100 (Wed, 12 Nov 2014)\");\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for libvncserver CESA-2014:1826 centos6\");\n\n script_tag(name:\"summary\", value:\"Check the version of libvncserver\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"LibVNCServer is a library that allows for easy\ncreation of VNC server or client functionality.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way screen sizes were handled by LibVNCServer. A malicious VNC\nserver could use this flaw to cause a client to crash or, potentially,\nexecute arbitrary code in the client. (CVE-2014-6051)\n\nA NULL pointer dereference flaw was found in LibVNCServer's framebuffer\nsetup. A malicious VNC server could use this flaw to cause a VNC client to\ncrash. (CVE-2014-6052)\n\nA NULL pointer dereference flaw was found in the way LibVNCServer handled\ncertain ClientCutText message. A remote attacker could use this flaw to\ncrash the VNC server by sending a specially crafted ClientCutText message\nfrom a VNC client. 
(CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the scaling\nfactor when it was set to '0'. A remote attacker could use this flaw to\ncrash the VNC server using a malicious VNC client. (CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way LibVNCServer\nhandled file transfers. A remote attacker could use this flaw to crash the\nVNC server using a malicious VNC client. (CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications linked against libvncserver must be restarted for this update\nto take effect.\");\n script_tag(name:\"affected\", value:\"libvncserver on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1826\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-November/020747.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvncserver\", rpm:\"libvncserver~0.9.7~7.el6_6.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvncserver-devel\", rpm:\"libvncserver-devel~0.9.7~7.el6_6.1\", 
rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "Several vulnerabilities have been\ndiscovered in libvncserver, a library to implement VNC server functionality.\nThese vulnerabilities might result in the execution of arbitrary code or denial\nof service in both the client and the server side.", "modified": "2019-03-18T00:00:00", "published": "2014-11-29T00:00:00", "id": "OPENVAS:1361412562310703081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703081", "type": "openvas", "title": "Debian Security Advisory DSA 3081-1 (libvncserver - security update)", "sourceData": "###########################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3081.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3081-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703081\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\",\n \"CVE-2014-6055\");\n script_name(\"Debian Security Advisory DSA 3081-1 (libvncserver - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-29 00:00:00 +0100 (Sat, 29 Nov 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3081.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libvncserver on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 0.9.9+dfsg-1+deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.9.9+dfsg-6.1.\n\nWe recommend that you upgrade your libvncserver packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in libvncserver, a library to implement VNC server functionality.\nThese vulnerabilities might result in the 
execution of arbitrary code or denial\nof service in both the client and the server side.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libvncserver-config\", ver:\"0.9.9+dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvncserver-dev\", ver:\"0.9.9+dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvncserver0\", ver:\"0.9.9+dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvncserver0-dbg\", ver:\"0.9.9+dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linuxvnc\", ver:\"0.9.9+dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310841989", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841989", "type": "openvas", "title": "Ubuntu Update for libvncserver USN-2365-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2365_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for libvncserver USN-2365-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# 
Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841989\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 17:00:28 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for libvncserver USN-2365-1\");\n script_tag(name:\"insight\", value:\"Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when\nbeing advertised large screen sizes by the server. If a user were tricked\ninto connecting to a malicious server, an attacker could use this issue to\ncause a denial of service, or possibly execute arbitrary code.\n(CVE-2014-6051, CVE-2014-6052)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled large\nClientCutText messages. A remote attacker could use this issue to cause a\nserver to crash, resulting in a denial of service. 
(CVE-2014-6053)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling\nfactor values. A remote attacker could use this issue to cause a server to\ncrash, resulting in a denial of service. (CVE-2014-6054)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled memory in the\nfile transfer feature. A remote attacker could use this issue to cause a\nserver to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2014-6055)\");\n script_tag(name:\"affected\", value:\"libvncserver on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"USN\", value:\"2365-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2365-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvncserver'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvncserver0\", ver:\"0.9.9+dfsg-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvncserver0\", ver:\"0.9.8.2-2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-04T14:12:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "Several vulnerabilities have been\ndiscovered in libvncserver, a library to implement VNC server functionality.\nThese vulnerabilities might result in the execution of arbitrary code or denial\nof service in both the client and the server side.", "modified": "2017-08-23T00:00:00", "published": "2014-11-29T00:00:00", "id": "OPENVAS:703081", "href": "http://plugins.openvas.org/nasl.php?oid=703081", "type": "openvas", "title": "Debian Security Advisory DSA 3081-1 (libvncserver - security update)", "sourceData": "###########################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3081.nasl 6995 2017-08-23 11:52:03Z teissa $\n# Auto-generated from advisory DSA 3081-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#############################################################################\n\nif(description)\n{\n script_id(703081);\n script_version(\"$Revision: 6995 $\");\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\",\n \"CVE-2014-6055\");\n script_name(\"Debian Security Advisory DSA 3081-1 (libvncserver - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-23 13:52:03 +0200 (Wed, 23 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-11-29 00:00:00 +0100 (Sat, 29 Nov 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3081.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libvncserver on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 0.9.9+dfsg-1+deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.9.9+dfsg-6.1.\n\nWe recommend that you upgrade your libvncserver packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in libvncserver, a library to implement VNC server functionality.\nThese vulnerabilities might result in the execution of arbitrary code or denial\nof 
service in both the client and the server side.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libvncserver-config\", ver:\"0.9.9+dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver-dev\", ver:\"0.9.9+dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver0\", ver:\"0.9.9+dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvncserver0-dbg\", ver:\"0.9.9+dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linuxvnc\", ver:\"0.9.9+dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "Check the version of libvncserver", "modified": "2019-03-08T00:00:00", "published": "2014-11-13T00:00:00", "id": "OPENVAS:1361412562310882081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882081", "type": "openvas", "title": "CentOS Update for libvncserver CESA-2014:1826 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libvncserver CESA-2014:1826 centos7\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882081\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-13 06:29:31 +0100 (Thu, 13 Nov 2014)\");\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for libvncserver CESA-2014:1826 centos7\");\n\n script_tag(name:\"summary\", value:\"Check the version of libvncserver\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"LibVNCServer is a library that allows for easy\ncreation of VNC server or client functionality.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way screen sizes were handled by LibVNCServer. 
A malicious VNC\nserver could use this flaw to cause a client to crash or, potentially,\nexecute arbitrary code in the client. (CVE-2014-6051)\n\nA NULL pointer dereference flaw was found in LibVNCServer's framebuffer\nsetup. A malicious VNC server could use this flaw to cause a VNC client to\ncrash. (CVE-2014-6052)\n\nA NULL pointer dereference flaw was found in the way LibVNCServer handled\ncertain ClientCutText message. A remote attacker could use this flaw to\ncrash the VNC server by sending a specially crafted ClientCutText message\nfrom a VNC client. (CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the scaling\nfactor when it was set to '0'. A remote attacker could use this flaw to\ncrash the VNC server using a malicious VNC client. (CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way LibVNCServer\nhandled file transfers. A remote attacker could use this flaw to crash the\nVNC server using a malicious VNC client. (CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
All running\napplications linked against libvncserver must be restarted for this update\nto take effect.\");\n script_tag(name:\"affected\", value:\"libvncserver on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1826\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-November/020758.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvncserver\", rpm:\"libvncserver~0.9.9~9.el7_0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvncserver-devel\", rpm:\"libvncserver-devel~0.9.9~9.el7_0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-5304", "CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "Check the version of krfb", "modified": "2019-03-15T00:00:00", "published": "2014-10-09T00:00:00", "id": "OPENVAS:1361412562310868369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868369", "type": "openvas", "title": "Fedora Update for krfb FEDORA-2014-11464", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krfb FEDORA-2014-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868369\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-09 06:00:29 +0200 (Thu, 09 Oct 2014)\");\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2010-5304\",\n \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for krfb FEDORA-2014-11464\");\n script_tag(name:\"summary\", value:\"Check the version of krfb\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"krfb on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11464\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140219.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"krfb\", rpm:\"krfb~4.11.5~4.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-11T16:44:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-5304", "CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "The remote host is missing an update for the ", "modified": "2020-02-11T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868353", "type": "openvas", "title": "Fedora Update for libvncserver FEDORA-2014-11537", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvncserver FEDORA-2014-11537\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License 
version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868353\");\n script_version(\"2020-02-11T08:37:57+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-11 08:37:57 +0000 (Tue, 11 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:32 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\",\n \"CVE-2014-6055\", \"CVE-2010-5304\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for libvncserver FEDORA-2014-11537\");\n script_tag(name:\"affected\", value:\"libvncserver on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11537\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvncserver'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvncserver\", rpm:\"libvncserver~0.9.10~0.6.20140718git9453be42.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6051", "CVE-2014-6052", "CVE-2014-6053", "CVE-2014-6054", "CVE-2014-6055"], "description": "LibVNCServer is a library that allows for easy creation of VNC server or\nclient functionality.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way screen sizes were handled by LibVNCServer. A malicious VNC\nserver could use this flaw to cause a client to crash or, potentially,\nexecute arbitrary code in the client. (CVE-2014-6051)\n\nA NULL pointer dereference flaw was found in LibVNCServer's framebuffer\nsetup. A malicious VNC server could use this flaw to cause a VNC client to\ncrash. (CVE-2014-6052)\n\nA NULL pointer dereference flaw was found in the way LibVNCServer handled\ncertain ClientCutText message. A remote attacker could use this flaw to\ncrash the VNC server by sending a specially crafted ClientCutText message\nfrom a VNC client. (CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the scaling\nfactor when it was set to \"0\". A remote attacker could use this flaw to\ncrash the VNC server using a malicious VNC client. (CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way LibVNCServer\nhandled file transfers. 
A remote attacker could use this flaw to crash the\nVNC server using a malicious VNC client. (CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications linked against libvncserver must be restarted for this update\nto take effect.\n", "modified": "2018-06-06T20:24:08", "published": "2014-11-11T05:00:00", "id": "RHSA-2014:1826", "href": "https://access.redhat.com/errata/RHSA-2014:1826", "type": "redhat", "title": "(RHSA-2014:1826) Moderate: libvncserver security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:29", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6053", "CVE-2014-6054", "CVE-2014-6055"], "description": "The kdenetwork packages contain networking applications for the K Desktop\nEnvironment (KDE). Krfb Desktop Sharing, which is a part of the kdenetwork\npackage, is a server application that allows session sharing between users.\nKrfb uses the LibVNCServer library.\n\nA NULL pointer dereference flaw was found in the way LibVNCServer handled\ncertain ClientCutText message. A remote attacker could use this flaw to\ncrash the VNC server by sending a specially crafted ClientCutText message\nfrom a VNC client. (CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the scaling\nfactor when it was set to \"0\". A remote attacker could use this flaw to\ncrash the VNC server using a malicious VNC client. (CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way LibVNCServer\nhandled file transfers. A remote attacker could use this flaw to crash the\nVNC server using a malicious VNC client. (CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. 
oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nNote: Prior to this update, the kdenetwork packages used an embedded copy\nof the LibVNCServer library. With this update, the kdenetwork packages have\nbeen modified to use the system LibVNCServer packages. Therefore, the\nupdate provided by RHSA-2014:1826 must be installed to fully address the\nissues in krfb described above.\n\nAll kdenetwork users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of the krfb server must be restarted for this update to take\neffect.", "modified": "2018-04-12T03:33:29", "published": "2014-11-11T19:45:20", "id": "RHSA-2014:1827", "href": "https://access.redhat.com/errata/RHSA-2014:1827", "type": "redhat", "title": "(RHSA-2014:1827) Moderate: kdenetwork security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:04", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6051", "CVE-2014-6055"], "description": "LibVNCServer is a library that allows for easy creation of VNC server or\nclient functionality.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way screen sizes were handled by LibVNCServer. A malicious VNC\nserver could use this flaw to cause a client to crash or, potentially,\nexecute arbitrary code in the client. (CVE-2014-6051)\n\nTwo stack-based buffer overflow flaws were found in the way LibVNCServer\nhandled file transfers. A remote attacker could use this flaw to crash the\nVNC server using a malicious VNC client. (CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
All running\napplications linked against libvncserver must be restarted for this update\nto take effect.\n", "modified": "2016-09-04T02:14:26", "published": "2015-02-02T05:00:00", "id": "RHSA-2015:0113", "href": "https://access.redhat.com/errata/RHSA-2015:0113", "type": "redhat", "title": "(RHSA-2015:0113) Moderate: libvncserver security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side.\n\nA malicious VNC server could advertise a very large screen size (by RFB\nprotocol, width and height are 16-bit integers), resulting in an integer\noverflow during malloc() on client-side. Heap corruption, and possibly\nremote code execution on client-side could ensue.\n\nCVE-2014-6052 Lack of malloc() return value checking on client side.\n\nmalloc() return value was not checked on client-side during framebuffer\nsetup. A malicious VNC server that advertises a large enough screen size\nto make malloc() fail could basically map the framebuffer at address 0,\nand write anything-anywhere in client process memory using selective\nFramebufferUpdate messages. This could certainly turn into remote code\nexecution on client-side.\n\nCVE-2014-6053 Server crash on a very large ClientCutText message.\n\nA malicious client could advertise a very large ClientCutText message\nsize (by RFB protocol, size is encoded on a 32-bit integer). 
malloc() is\nlikely to fail in that case; as malloc() return value is not checked,\nthis will most likely result in a server crash.\n\nCVE-2014-6054 Server crash when scaling factor is set to zero.\n\nA malicious client could set the scaling factor to 0, which will result\nin a server crash (division by zero).\n\nCVE-2014-6055 Multiple stack overflows in File Transfer feature.\n\n1/ The non-standard file transfer messages (UltraVNC feature) will\nblindly strcpy() client-provided file and directory names into a\nstack-based buffer of size MAX_PATH, resulting in multiple stack-based\nbuffer overflows on server-side.\n\n2/ Client-supplied FileTime attribute is copied into a stack-based\nbuffer of size 64 during rfbFileTransferOffer message parsing, resulting\nin a stack-based buffer overflow on server-side.", "modified": "2014-10-24T00:00:00", "published": "2014-10-24T00:00:00", "id": "ASA-201410-10", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html", "type": "archlinux", "title": "libvncserver: remote code execution, denial of service", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-20T15:27:57", "description": "Nicolas Ruff discovered that LibVNCServer incorrectly handled memory\nwhen being advertised large screen sizes by the server. If a user were\ntricked into connecting to a malicious server, an attacker could use\nthis issue to cause a denial of service, or possibly execute arbitrary\ncode. (CVE-2014-6051, CVE-2014-6052)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled large\nClientCutText messages. A remote attacker could use this issue to\ncause a server to crash, resulting in a denial of service.\n(CVE-2014-6053)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled zero\nscaling factor values. A remote attacker could use this issue to cause\na server to crash, resulting in a denial of service. 
(CVE-2014-6054)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled memory\nin the file transfer feature. A remote attacker could use this issue\nto cause a server to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2014-6055).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2014-09-30T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS : libvncserver vulnerabilities (USN-2365-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "modified": "2014-09-30T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libvncserver0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2365-1.NASL", "href": "https://www.tenable.com/plugins/nessus/77982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2365-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77982);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_bugtraq_id(70091, 70092, 70093, 70094, 70096);\n script_xref(name:\"USN\", value:\"2365-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS : libvncserver vulnerabilities (USN-2365-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nicolas Ruff discovered that LibVNCServer incorrectly handled memory\nwhen being advertised large screen sizes by the server. If a user were\ntricked into connecting to a malicious server, an attacker could use\nthis issue to cause a denial of service, or possibly execute arbitrary\ncode. (CVE-2014-6051, CVE-2014-6052)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled large\nClientCutText messages. A remote attacker could use this issue to\ncause a server to crash, resulting in a denial of service.\n(CVE-2014-6053)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled zero\nscaling factor values. A remote attacker could use this issue to cause\na server to crash, resulting in a denial of service. (CVE-2014-6054)\n\nNicolas Ruff discovered that LibVNCServer incorrectly handled memory\nin the file transfer feature. A remote attacker could use this issue\nto cause a server to crash, resulting in a denial of service, or\npossibly execute arbitrary code. 
(CVE-2014-6055).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2365-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvncserver0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libvncserver0\", pkgver:\"0.9.8.2-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libvncserver0\", pkgver:\"0.9.9+dfsg-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver0\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:51", "description": "Several vulnerabilities have been discovered in libvncserver, a\nlibrary to implement VNC server functionality. 
These vulnerabilities\nmight result in the execution of arbitrary code or denial of service\nin both the client and the server side.", "edition": 15, "published": "2014-12-01T00:00:00", "title": "Debian DSA-3081-1 : libvncserver - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "modified": "2014-12-01T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libvncserver"], "id": "DEBIAN_DSA-3081.NASL", "href": "https://www.tenable.com/plugins/nessus/79629", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3081. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79629);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_bugtraq_id(70091, 70092, 70093, 70094, 70096);\n script_xref(name:\"DSA\", value:\"3081\");\n\n script_name(english:\"Debian DSA-3081-1 : libvncserver - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in libvncserver, a\nlibrary to implement VNC server functionality. 
These vulnerabilities\nmight result in the execution of arbitrary code or denial of service\nin both the client and the server side.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libvncserver\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3081\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libvncserver packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 0.9.9+dfsg-1+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libvncserver-config\", reference:\"0.9.9+dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvncserver-dev\", reference:\"0.9.9+dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvncserver0\", reference:\"0.9.9+dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvncserver0-dbg\", reference:\"0.9.9+dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linuxvnc\", reference:\"0.9.9+dfsg-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:23:11", "description": "The LibVNCServer package was updated to fix the following security\nissues :\n\n - bsc#897031: fix several security issues :\n\n - CVE-2014-6051: Integer overflow in MallocFrameBuffer()\n on client side.\n\n - CVE-2014-6052: Lack of malloc() return value checking on\n client side.\n\n - CVE-2014-6053: Server crash on a very large\n ClientCutText message.\n\n - CVE-2014-6054: Server crash when scaling factor is set\n to zero.\n\n - CVE-2014-6055: Multiple stack overflows in File Transfer\n feature.\n\n - bsc#854151: Restrict the SSL cipher suite.\n\nNote that Tenable Network Security has extracted 
the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-11-25T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : LibVNCServer (SUSE-SU-2015:2088-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "modified": "2015-11-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:LibVNCServer-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libvncclient0", "p-cpe:/a:novell:suse_linux:libvncserver0-debuginfo", "p-cpe:/a:novell:suse_linux:libvncclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libvncserver0"], "id": "SUSE_SU-2015-2088-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87064", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2088-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87064);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_bugtraq_id(70091, 70092, 70093, 70094, 70096);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : LibVNCServer (SUSE-SU-2015:2088-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The LibVNCServer package was updated to fix the following security\nissues :\n\n - 
bsc#897031: fix several security issues :\n\n - CVE-2014-6051: Integer overflow in MallocFrameBuffer()\n on client side.\n\n - CVE-2014-6052: Lack of malloc() return value checking on\n client side.\n\n - CVE-2014-6053: Server crash on a very large\n ClientCutText message.\n\n - CVE-2014-6054: Server crash when scaling factor is set\n to zero.\n\n - CVE-2014-6055: Multiple stack overflows in File Transfer\n feature.\n\n - bsc#854151: Restrict the SSL cipher suite.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=854151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=897031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6055/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152088-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc71fd46\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch 
SUSE-SLE-SDK-12-2015-890=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-890=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-890=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:LibVNCServer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncserver0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"LibVNCServer-debugsource-0.9.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libvncclient0-0.9.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libvncclient0-debuginfo-0.9.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libvncserver0-0.9.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libvncserver0-debuginfo-0.9.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"LibVNCServer-debugsource-0.9.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvncclient0-0.9.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvncclient0-debuginfo-0.9.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvncserver0-0.9.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvncserver0-debuginfo-0.9.9-15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibVNCServer\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:49:16", "description": "From Red Hat Security Advisory 2014:1826 :\n\nUpdated libvncserver packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nLibVNCServer is a library that allows for easy creation of VNC server\nor client functionality.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way screen sizes were handled by LibVNCServer. A\nmalicious VNC server could use this flaw to cause a client to crash\nor, potentially, execute arbitrary code in the client. (CVE-2014-6051)\n\nA NULL pointer dereference flaw was found in LibVNCServer's\nframebuffer setup. A malicious VNC server could use this flaw to cause\na VNC client to crash. (CVE-2014-6052)\n\nA NULL pointer dereference flaw was found in the way LibVNCServer\nhandled certain ClientCutText message. A remote attacker could use\nthis flaw to crash the VNC server by sending a specially crafted\nClientCutText message from a VNC client. (CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the\nscaling factor when it was set to '0'. A remote attacker could use\nthis flaw to crash the VNC server using a malicious VNC client.\n(CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way\nLibVNCServer handled file transfers. A remote attacker could use this\nflaw to crash the VNC server using a malicious VNC client.\n(CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. 
oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAll running applications linked against libvncserver must be restarted\nfor this update to take effect.", "edition": 22, "published": "2014-11-12T00:00:00", "title": "Oracle Linux 6 / 7 : libvncserver (ELSA-2014-1826)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "modified": "2014-11-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:libvncserver", "p-cpe:/a:oracle:linux:libvncserver-devel", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-1826.NASL", "href": "https://www.tenable.com/plugins/nessus/79199", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1826 and \n# Oracle Linux Security Advisory ELSA-2014-1826 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79199);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_bugtraq_id(70091, 70092, 70093, 70094, 70096);\n script_xref(name:\"RHSA\", value:\"2014:1826\");\n\n script_name(english:\"Oracle Linux 6 / 7 : libvncserver (ELSA-2014-1826)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1826 :\n\nUpdated libvncserver packages that fix 
multiple security issues are\nnow available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nLibVNCServer is a library that allows for easy creation of VNC server\nor client functionality.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way screen sizes were handled by LibVNCServer. A\nmalicious VNC server could use this flaw to cause a client to crash\nor, potentially, execute arbitrary code in the client. (CVE-2014-6051)\n\nA NULL pointer dereference flaw was found in LibVNCServer's\nframebuffer setup. A malicious VNC server could use this flaw to cause\na VNC client to crash. (CVE-2014-6052)\n\nA NULL pointer dereference flaw was found in the way LibVNCServer\nhandled certain ClientCutText message. A remote attacker could use\nthis flaw to crash the VNC server by sending a specially crafted\nClientCutText message from a VNC client. (CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the\nscaling factor when it was set to '0'. A remote attacker could use\nthis flaw to crash the VNC server using a malicious VNC client.\n(CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way\nLibVNCServer handled file transfers. A remote attacker could use this\nflaw to crash the VNC server using a malicious VNC client.\n(CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. 
oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAll running applications linked against libvncserver must be restarted\nfor this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004627.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004629.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvncserver packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvncserver-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libvncserver-0.9.7-7.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libvncserver-devel-0.9.7-7.el6_6.1\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvncserver-0.9.9-9.el7_0.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvncserver-devel-0.9.9-9.el7_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver / libvncserver-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:23:11", "description": "The libvncserver package was updated to fix the following security\nissues :\n\n - bsc#897031: fix several security issues :\n\n - CVE-2014-6051: Integer overflow in MallocFrameBuffer()\n on client side.\n\n - CVE-2014-6052: Lack of malloc() return value checking on\n client side.\n\n - CVE-2014-6053: Server crash on a very large\n ClientCutText message.\n\n - CVE-2014-6054: Server crash when scaling factor is set\n to zero.\n\n - CVE-2014-6055: Multiple stack overflows in File Transfer\n feature.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-11-30T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : LibVNCServer (SUSE-SU-2015:2110-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "modified": "2015-11-30T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:LibVNCServer"], "id": "SUSE_SU-2015-2110-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2110-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87105);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", 
\"CVE-2014-6054\", \"CVE-2014-6055\");\n script_bugtraq_id(70091, 70092, 70093, 70094, 70096);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : LibVNCServer (SUSE-SU-2015:2110-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libvncserver package was updated to fix the following security\nissues :\n\n - bsc#897031: fix several security issues :\n\n - CVE-2014-6051: Integer overflow in MallocFrameBuffer()\n on client side.\n\n - CVE-2014-6052: Lack of malloc() return value checking on\n client side.\n\n - CVE-2014-6053: Server crash on a very large\n ClientCutText message.\n\n - CVE-2014-6054: Server crash when scaling factor is set\n to zero.\n\n - CVE-2014-6055: Multiple stack overflows in File Transfer\n feature.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=897031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6055/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152110-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52af15a7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-libvncserver-12227=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-libvncserver-12227=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-libvncserver-12227=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-libvncserver-12227=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-libvncserver-12227=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-libvncserver-12227=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-libvncserver-12227=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-libvncserver-12227=1\n\nSUSE Linux 
Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-libvncserver-12227=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:LibVNCServer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"LibVNCServer-0.9.1-156.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"LibVNCServer-0.9.1-156.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"LibVNCServer-0.9.1-156.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"LibVNCServer-0.9.1-156.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"LibVNCServer-0.9.1-156.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"LibVNCServer-0.9.1-156.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibVNCServer\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:15:07", "description": "Updated libvncserver packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having 
Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nLibVNCServer is a library that allows for easy creation of VNC server\nor client functionality.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way screen sizes were handled by LibVNCServer. A\nmalicious VNC server could use this flaw to cause a client to crash\nor, potentially, execute arbitrary code in the client. (CVE-2014-6051)\n\nA NULL pointer dereference flaw was found in LibVNCServer's\nframebuffer setup. A malicious VNC server could use this flaw to cause\na VNC client to crash. (CVE-2014-6052)\n\nA NULL pointer dereference flaw was found in the way LibVNCServer\nhandled certain ClientCutText message. A remote attacker could use\nthis flaw to crash the VNC server by sending a specially crafted\nClientCutText message from a VNC client. (CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the\nscaling factor when it was set to '0'. A remote attacker could use\nthis flaw to crash the VNC server using a malicious VNC client.\n(CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way\nLibVNCServer handled file transfers. A remote attacker could use this\nflaw to crash the VNC server using a malicious VNC client.\n(CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. 
oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAll running applications linked against libvncserver must be restarted\nfor this update to take effect.", "edition": 27, "published": "2014-11-12T00:00:00", "title": "RHEL 6 / 7 : libvncserver (RHSA-2014:1826)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "modified": "2014-11-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libvncserver-devel", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:libvncserver-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libvncserver", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1826.NASL", "href": "https://www.tenable.com/plugins/nessus/79202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1826. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79202);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_xref(name:\"RHSA\", value:\"2014:1826\");\n\n script_name(english:\"RHEL 6 / 7 : libvncserver (RHSA-2014:1826)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libvncserver packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nLibVNCServer is a library that allows for easy creation of VNC server\nor client functionality.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way screen sizes were handled by LibVNCServer. A\nmalicious VNC server could use this flaw to cause a client to crash\nor, potentially, execute arbitrary code in the client. (CVE-2014-6051)\n\nA NULL pointer dereference flaw was found in LibVNCServer's\nframebuffer setup. A malicious VNC server could use this flaw to cause\na VNC client to crash. (CVE-2014-6052)\n\nA NULL pointer dereference flaw was found in the way LibVNCServer\nhandled certain ClientCutText message. A remote attacker could use\nthis flaw to crash the VNC server by sending a specially crafted\nClientCutText message from a VNC client. 
(CVE-2014-6053)\n\nA divide-by-zero flaw was found in the way LibVNCServer handled the\nscaling factor when it was set to '0'. A remote attacker could use\nthis flaw to crash the VNC server using a malicious VNC client.\n(CVE-2014-6054)\n\nTwo stack-based buffer overflow flaws were found in the way\nLibVNCServer handled file transfers. A remote attacker could use this\nflaw to crash the VNC server using a malicious VNC client.\n(CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAll running applications linked against libvncserver must be restarted\nfor this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6052\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libvncserver, libvncserver-debuginfo and / or\nlibvncserver-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvncserver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvncserver-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1826\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libvncserver-0.9.7-7.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libvncserver-debuginfo-0.9.7-7.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libvncserver-devel-0.9.7-7.el6_6.1\")) flag++;\n\n\n 
if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"libvncserver-0.9.9-9.el7_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvncserver-0.9.9-9.el7_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"libvncserver-debuginfo-0.9.9-9.el7_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvncserver-debuginfo-0.9.9-9.el7_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"libvncserver-devel-0.9.9-9.el7_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvncserver-devel-0.9.9-9.el7_0.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvncserver / libvncserver-debuginfo / libvncserver-devel\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:58:17", "description": "Nicolas Ruff reports :\n\nInteger overflow in MallocFrameBuffer() on client side.\n\nLack of malloc() return value checking on client side.\n\nServer crash on a very large ClientCutText message.\n\nServer crash when scaling factor is set to zero.\n\nMultiple stack overflows in File Transfer feature.", "edition": 23, "published": "2016-10-12T00:00:00", "title": "FreeBSD : libvncserver -- multiple security vulnerabilities (cb3f036d-8c7f-11e6-924a-60a44ce6887b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "modified": "2016-10-12T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libvncserver"], "id": "FREEBSD_PKG_CB3F036D8C7F11E6924A60A44CE6887B.NASL", "href": "https://www.tenable.com/plugins/nessus/93990", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93990);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n\n script_name(english:\"FreeBSD : libvncserver -- multiple security vulnerabilities (cb3f036d-8c7f-11e6-924a-60a44ce6887b)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nicolas Ruff reports :\n\nInteger overflow in MallocFrameBuffer() on client side.\n\nLack of malloc() return value checking on client side.\n\nServer crash on a very large ClientCutText message.\n\nServer crash when scaling factor is set to zero.\n\nMultiple stack overflows in File Transfer feature.\"\n );\n # http://seclists.org/oss-sec/2014/q3/639\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2014/q3/639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212380\"\n );\n # https://vuxml.freebsd.org/freebsd/cb3f036d-8c7f-11e6-924a-60a44ce6887b.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?59edd6dd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libvncserver<0.9.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T11:04:40", "description": "The remote host is affected by the vulnerability described in GLSA-201507-07\n(LibVNCServer: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in 
LibVNCServer. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2015-07-08T00:00:00", "title": "GLSA-201507-07 : LibVNCServer: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "modified": "2015-07-08T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libvncserver"], "id": "GENTOO_GLSA-201507-07.NASL", "href": "https://www.tenable.com/plugins/nessus/84606", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201507-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84606);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_bugtraq_id(70091, 70092, 70093, 70094, 70096);\n script_xref(name:\"GLSA\", value:\"201507-07\");\n\n script_name(english:\"GLSA-201507-07 : LibVNCServer: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201507-07\n(LibVNCServer: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in LibVNCServer. 
Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201507-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All LibVNCServer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/libvncserver-0.9.10-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/libvncserver\", unaffected:make_list(\"ge 0.9.10-r1\"), vulnerable:make_list(\"lt 0.9.10-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibVNCServer\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:23:11", "description": "The LibVNCServer package was updated to fix the following security\nissues :\n\n - bsc#897031: fix several security issues :\n\n - CVE-2014-6051: Integer overflow in MallocFrameBuffer()\n on client side.\n\n - CVE-2014-6052: Lack of malloc() return value checking on\n client side.\n\n - CVE-2014-6053: Server crash on a very large\n ClientCutText message.\n\n - CVE-2014-6054: Server crash when scaling factor is set\n to zero.\n\n - CVE-2014-6055: Multiple stack overflows in File Transfer\n feature.\n\n - bsc#854151: Restrict the SSL cipher suite.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2016-01-04T00:00:00", "title": "SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2015:2088-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "modified": "2016-01-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:LibVNCServer-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libvncclient0", "p-cpe:/a:novell:suse_linux:libvncserver0-debuginfo", "p-cpe:/a:novell:suse_linux:libvncclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libvncserver0"], "id": "SUSE_SU-2015-2088-2.NASL", "href": "https://www.tenable.com/plugins/nessus/87721", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2088-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87721);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n script_bugtraq_id(70091, 70092, 70093, 70094, 70096);\n\n script_name(english:\"SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2015:2088-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The LibVNCServer package was updated to fix the following security\nissues :\n\n - bsc#897031: fix several security issues :\n\n - CVE-2014-6051: Integer overflow in 
MallocFrameBuffer()\n on client side.\n\n - CVE-2014-6052: Lack of malloc() return value checking on\n client side.\n\n - CVE-2014-6053: Server crash on a very large\n ClientCutText message.\n\n - CVE-2014-6054: Server crash when scaling factor is set\n to zero.\n\n - CVE-2014-6055: Multiple stack overflows in File Transfer\n feature.\n\n - bsc#854151: Restrict the SSL cipher suite.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=854151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=897031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6055/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152088-2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3612df3c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2015-890=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch 
SUSE-SLE-SERVER-12-SP1-2015-890=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:LibVNCServer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvncserver0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"LibVNCServer-debugsource-0.9.9-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvncclient0-0.9.9-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvncclient0-debuginfo-0.9.9-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvncserver0-0.9.9-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvncserver0-debuginfo-0.9.9-16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibVNCServer\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:28:56", "description": "The LibVNCServer package was updated to fix the following security\nissues :\n\n - bsc#897031: fix several security issues :\n\n - CVE-2014-6051: Integer overflow in MallocFrameBuffer()\n on client side.\n\n - CVE-2014-6052: Lack of malloc() return value checking on\n client side.\n\n - CVE-2014-6053: Server crash on a very large\n ClientCutText message.\n\n - CVE-2014-6054: Server crash when scaling factor is set\n to zero.\n\n - CVE-2014-6055: Multiple stack overflows in File Transfer\n feature.\n\n - bsc#854151: Restrict the SSL cipher suite.", "edition": 17, "published": "2015-12-16T00:00:00", "title": "openSUSE Security Update : LibVNCServer (openSUSE-2015-851)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "modified": "2015-12-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvncclient0", "cpe:/o:novell:opensuse:42.1", 
"p-cpe:/a:novell:opensuse:LibVNCServer-devel", "p-cpe:/a:novell:opensuse:LibVNCServer-debugsource", "p-cpe:/a:novell:opensuse:libvncclient0-debuginfo", "p-cpe:/a:novell:opensuse:linuxvnc", "p-cpe:/a:novell:opensuse:libvncserver0-debuginfo", "p-cpe:/a:novell:opensuse:linuxvnc-debuginfo", "p-cpe:/a:novell:opensuse:libvncserver0"], "id": "OPENSUSE-2015-851.NASL", "href": "https://www.tenable.com/plugins/nessus/87389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-851.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87389);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-6051\", \"CVE-2014-6052\", \"CVE-2014-6053\", \"CVE-2014-6054\", \"CVE-2014-6055\");\n\n script_name(english:\"openSUSE Security Update : LibVNCServer (openSUSE-2015-851)\");\n script_summary(english:\"Check for the openSUSE-2015-851 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The LibVNCServer package was updated to fix the following security\nissues :\n\n - bsc#897031: fix several security issues :\n\n - CVE-2014-6051: Integer overflow in MallocFrameBuffer()\n on client side.\n\n - CVE-2014-6052: Lack of malloc() return value checking on\n client side.\n\n - CVE-2014-6053: Server crash on a very large\n ClientCutText message.\n\n - CVE-2014-6054: Server crash when scaling factor is set\n to zero.\n\n - CVE-2014-6055: Multiple stack overflows in File Transfer\n feature.\n\n - bsc#854151: Restrict the SSL cipher suite.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=854151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=897031\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected LibVNCServer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:LibVNCServer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:LibVNCServer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncserver0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvncserver0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:linuxvnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:linuxvnc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"LibVNCServer-debugsource-0.9.9-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"LibVNCServer-devel-0.9.9-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvncclient0-0.9.9-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvncclient0-debuginfo-0.9.9-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvncserver0-0.9.9-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvncserver0-debuginfo-0.9.9-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"linuxvnc-0.9.9-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"linuxvnc-debuginfo-0.9.9-13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibVNCServer-debugsource / LibVNCServer-devel / libvncclient0 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:14:33", "description": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary 
code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.", "edition": 8, "cvss3": {}, "published": "2014-09-30T16:55:00", "title": "CVE-2014-6051", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6051"], "modified": "2020-10-23T13:15:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "cpe:/a:libvncserver:libvncserver:0.9.9", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_server_eus:6.5.z", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2014-6051", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6051", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5.z:*:*:*:*:*:*:*", "cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:33", "description": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a 
rfbFileTransferOffer message.", "edition": 8, "cvss3": {}, "published": "2014-09-30T16:55:00", "title": "CVE-2014-6055", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6055"], "modified": "2020-10-23T13:15:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "cpe:/a:libvncserver:libvncserver:0.9.9", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_server_eus:6.5.z", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2014-6055", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6055", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5.z:*:*:*:*:*:*:*", "cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:33", "description": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.", "edition": 11, "cvss3": {}, "published": "2014-12-15T18:59:00", "title": "CVE-2014-6053", 
"type": "cve", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6053"], "modified": "2020-10-23T13:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:libvncserver:libvncserver:0.9.9", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-6053", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6053", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:14:33", "description": "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.", "edition": 8, "cvss3": {}, "published": "2014-12-15T18:59:00", "title": "CVE-2014-6052", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6052"], "modified": "2020-10-23T13:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:libvncserver:libvncserver:0.9.9", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:oracle:solaris:11.3", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-6052", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6052", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:14:33", "description": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.", "edition": 8, "cvss3": {}, "published": "2014-10-06T14:55:00", "title": "CVE-2014-6054", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6054"], "modified": "2020-10-23T13:15:00", "cpe": 
["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:libvncserver:libvncserver:0.9.9", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-6054", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6054", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5304", "CVE-2014-6051", "CVE-2014-6052", "CVE-2014-6053", "CVE-2014-6054", "CVE-2014-6055"], "description": "Runtime libraries for krfb. ", "modified": "2014-10-08T19:11:38", "published": "2014-10-08T19:11:38", "id": "FEDORA:06C162298D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: krfb-4.11.5-4.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5304", "CVE-2014-6051", "CVE-2014-6052", "CVE-2014-6053", "CVE-2014-6054", "CVE-2014-6055"], "description": "LibVNCServer makes writing a VNC server (or more correctly, a program exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata. 
", "modified": "2014-10-01T04:23:42", "published": "2014-10-01T04:23:42", "id": "FEDORA:5D9AA20CAD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update:\n libvncserver-0.9.10-0.6.20140718git9453be42.fc21", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5304", "CVE-2014-6051", "CVE-2014-6052", "CVE-2014-6053", "CVE-2014-6054", "CVE-2014-6055"], "description": "LibVNCServer makes writing a VNC server (or more correctly, a program exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata. ", "modified": "2014-10-04T03:25:16", "published": "2014-10-04T03:25:16", "id": "FEDORA:ABDAD22CD4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update:\n libvncserver-0.9.10-0.6.20140718git9453be42.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5304", "CVE-2014-6051", "CVE-2014-6052", "CVE-2014-6053", "CVE-2014-6054", "CVE-2014-6055"], "description": "LibVNCServer makes writing a VNC server (or more correctly, a program exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata. 
", "modified": "2014-09-29T04:06:45", "published": "2014-09-29T04:06:45", "id": "FEDORA:8D0C920FF8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update:\n libvncserver-0.9.10-0.6.20140718git9453be42.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:02:58", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6053", "CVE-2011-0904", "CVE-2014-6055", "CVE-2011-0905", "CVE-2014-6052", "CVE-2014-6051", "CVE-2014-6054"], "description": "[0.9.7-7.1]\n- Fix CVE-2014-6051 (integer overflow in screen size handling) (bug #1157668)\n- Fix CVE-2014-6052 (NULL pointer dereference in framebuffer setup)\n (bug #1157668)\n- Fix CVE-2014-6053 (NULL pointer dereference in ClientCutText message\n handling) (bug #1157668)\n- Fix CVE-2014-6054 (server divide-by-zero in scaling factor handling)\n (bug #1157668)\n- Fix CVE-2014-6055 (server stacked-based buffer overflow in file transfer\n handling) (bug #1157668)\n[0.9.7-7]\n- Revert CVE-2011-0904 and CVE-2011-0905 patch because libvncserver is not\n vulnerable (bug #696767)\n[0.9.7-6]\n- Fix CVE-2011-0904 and CVE-2011-0905 in more generic way (bug #696767)\n[0.9.7-5]\n- Fix CVE-2011-0904 (bug #696767)\n- Fix CVE-2011-0905 (bug #696767)", "edition": 5, "modified": "2014-11-11T00:00:00", "published": "2014-11-11T00:00:00", "id": "ELSA-2014-1826", "href": "http://linux.oracle.com/errata/ELSA-2014-1826.html", "title": "libvncserver security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-22T17:13:26", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6053", "CVE-2014-6055", "CVE-2014-6054"], "description": "[7:4.10.5-8]\n- Resolves: CVE-2014-6055", "edition": 5, "modified": "2014-11-11T00:00:00", "published": "2014-11-11T00:00:00", "id": "ELSA-2014-1827", "href": "http://linux.oracle.com/errata/ELSA-2014-1827.html", "title": "kdenetwork security update", "type": "oraclelinux", "cvss": {"score": 
6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-10-20T21:12:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20022", "CVE-2018-20020", "CVE-2016-9941", "CVE-2019-15681", "CVE-2018-7225", "CVE-2018-20021", "CVE-2018-15127", "CVE-2014-6053", "CVE-2018-20750", "CVE-2018-20024", "CVE-2018-20749", "CVE-2014-6055", "CVE-2014-6052", "CVE-2014-6051", "CVE-2018-20019", "CVE-2016-9942", "CVE-2018-20748", "CVE-2014-6054", "CVE-2018-20023"], "description": "Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors \nand didn't check malloc return values. A remote attacker could use these issues \nto cause a denial of service or possibly execute arbitrary code. \n(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)\n\nJosef Gajdusek discovered that iTALC had heap-based buffer overflow \nvulnerabilities. A remote attacker could use these issues to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)\n\nIt was discovered that iTALC had an out-of-bounds write, multiple heap \nout-of-bounds writes, an infinite loop, improper initializations, and null \npointer vulnerabilities. A remote attacker could use these issues to cause a \ndenial of service or possibly execute arbitrary code. 
(CVE-2018-15127, \nCVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, \nCVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, \nCVE-2019-15681)", "edition": 1, "modified": "2020-10-20T00:00:00", "published": "2020-10-20T00:00:00", "id": "USN-4587-1", "href": "https://ubuntu.com/security/notices/USN-4587-1", "title": "iTALC vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-07T19:02:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14404", "CVE-2019-15681", "CVE-2018-7225", "CVE-2020-14397", "CVE-2014-6053", "CVE-2020-14403", "CVE-2020-14402"], "description": "Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText \nmessages. A remote attacker could use this issue to cause the server to \ncrash, resulting in a denial of service. (CVE-2014-6053)\n\nIt was discovered that Vino incorrectly handled certain packet lengths. A \nremote attacker could possibly use this issue to obtain sensitive \ninformation, cause a denial of service, or execute arbitrary code. \n(CVE-2018-7225)\n\nPavel Cheremushkin discovered that an information disclosure vulnerability \nexisted in Vino when sending a ServerCutText message. An attacker could \npossibly use this issue to expose sensitive information. (CVE-2019-15681)\n\nIt was discovered that Vino incorrectly handled region clipping. A remote \nattacker could possibly use this issue to cause Vino to crash, resulting in \na denial of service. (CVE-2020-14397)\n\nIt was discovered that Vino incorrectly handled encodings. A remote \nattacker could use this issue to cause Vino to crash, resulting in a denial \nof service, or possibly execute arbitrary code. 
(CVE-2020-14402, \nCVE-2020-14403, CVE-2020-14404)", "edition": 1, "modified": "2020-10-07T00:00:00", "published": "2020-10-07T00:00:00", "id": "USN-4573-1", "href": "https://ubuntu.com/security/notices/USN-4573-1", "title": "Vino vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}