
Test ID: 1.3.6.1.4.1.25623.1.0.892264
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for libvncserver (DLA-2264-1)
Summary: The remote host is missing an update for the 'libvncserver' package(s) announced via the DLA-2264-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in libVNC (libvncserver Debian package), an
implementation of the VNC server and client protocol.

CVE-2019-20839

libvncclient/sockets.c in LibVNCServer had a buffer overflow via a
long socket filename.

CVE-2020-14397

libvncserver/rfbregion.c had a NULL pointer dereference.

CVE-2020-14399

Byte-aligned data was accessed through uint32_t pointers in
libvncclient/rfbproto.c.

CVE-2020-14400

Byte-aligned data was accessed through uint16_t pointers in
libvncserver/translate.c.

CVE-2020-14401

libvncserver/scale.c had a pixel_value integer overflow.

CVE-2020-14402

libvncserver/corre.c allowed out-of-bounds access via encodings.

CVE-2020-14403

libvncserver/hextile.c allowed out-of-bounds access via encodings.

CVE-2020-14404

libvncserver/rre.c allowed out-of-bounds access via encodings.

CVE-2020-14405

libvncclient/rfbproto.c does not limit TextChat size.

Affected Software/OS:
'libvncserver' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
0.9.9+dfsg2-6.1+deb8u8.

We recommend that you upgrade your libvncserver packages.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2019-20839
Common Vulnerability Exposure (CVE) ID: CVE-2020-14397
Common Vulnerability Exposure (CVE) ID: CVE-2020-14399
Common Vulnerability Exposure (CVE) ID: CVE-2020-14400
Common Vulnerability Exposure (CVE) ID: CVE-2020-14401
Common Vulnerability Exposure (CVE) ID: CVE-2020-14402
Common Vulnerability Exposure (CVE) ID: CVE-2020-14403
Common Vulnerability Exposure (CVE) ID: CVE-2020-14404
Common Vulnerability Exposure (CVE) ID: CVE-2020-14405
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.