
Test ID: 1.3.6.1.4.1.25623.1.0.892347
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for libvncserver (DLA-2347-1)
Summary: The remote host is missing an update for the 'libvncserver' package(s) announced via the DLA-2347-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'libvncserver'
package(s) announced via the DLA-2347-1 advisory.

Vulnerability Insight:
Several minor vulnerabilities have been discovered in libvncserver, a
server and client implementation of the VNC protocol.

CVE-2019-20839

libvncclient/sockets.c in LibVNCServer had a buffer overflow via a
long socket filename.

CVE-2020-14397

libvncserver/rfbregion.c has a NULL pointer dereference.

CVE-2020-14399

Byte-aligned data was accessed through uint32_t pointers in
libvncclient/rfbproto.c.

NOTE: This issue has been disputed by third parties. There is
reportedly 'no trust boundary crossed'.

CVE-2020-14400

Byte-aligned data was accessed through uint16_t pointers in
libvncserver/translate.c.

NOTE: This issue has been disputed by third parties. There is no
known path of exploitation or crossing of a trust boundary.

CVE-2020-14401

libvncserver/scale.c had a pixel_value integer overflow.

CVE-2020-14402

libvncserver/corre.c allowed out-of-bounds access via encodings.

CVE-2020-14403

libvncserver/hextile.c allowed out-of-bounds access via encodings.

CVE-2020-14404

libvncserver/rre.c allowed out-of-bounds access via encodings.

CVE-2020-14405

libvncclient/rfbproto.c did not limit TextChat size.

Affected Software/OS:
'libvncserver' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, these problems have been fixed in version
0.9.11+dfsg-1.3~deb9u5.

We recommend that you upgrade your libvncserver packages.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2019-20839
Common Vulnerability Exposure (CVE) ID: CVE-2020-14397
Common Vulnerability Exposure (CVE) ID: CVE-2020-14399
Common Vulnerability Exposure (CVE) ID: CVE-2020-14400
Common Vulnerability Exposure (CVE) ID: CVE-2020-14401
Common Vulnerability Exposure (CVE) ID: CVE-2020-14402
Common Vulnerability Exposure (CVE) ID: CVE-2020-14403
Common Vulnerability Exposure (CVE) ID: CVE-2020-14404
Common Vulnerability Exposure (CVE) ID: CVE-2020-14405
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.