Test ID: 1.3.6.1.4.1.25623.1.1.2.2019.1096
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for libvncserver (EulerOS-SA-2019-1096)
Summary: The remote host is missing an update for the Huawei EulerOS 'libvncserver' package(s) announced via the EulerOS-SA-2019-1096 advisory.
Description:

Vulnerability Insight:

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. (CVE-2018-20748)

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. (CVE-2018-20749)

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. (CVE-2018-20750)

LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains a heap out-of-bounds write vulnerability inside a structure in VNC client code that can result in remote code execution. (CVE-2018-20020)

LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains a heap use-after-free vulnerability in the server code of the file transfer extension that can result in remote code execution. (CVE-2018-6307)

LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains a heap use-after-free vulnerability in the server code of the file transfer extension that can result in remote code execution. (CVE-2018-15126)

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bounds write vulnerabilities in VNC client code that can result in remote code execution. (CVE-2018-20019)

LibVNC before commit 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple CWE-665 (Improper Initialization) weaknesses in VNC client code that allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, this can be used to leak the stack memory layout and bypass ASLR. (CVE-2018-20022)

LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains a null pointer dereference in VNC client code that can result in DoS. (CVE-2018-20024)

Affected Software/OS: 'libvncserver' package(s) on Huawei EulerOS V2.0SP3.

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2018-15126
  Debian Security Information: DSA-4383
  https://www.debian.org/security/2019/dsa-4383
  https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/
  https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html
  https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
  https://usn.ubuntu.com/3877-1/

Common Vulnerability Exposure (CVE) ID: CVE-2018-20019
  https://security.gentoo.org/glsa/201908-05
  https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/
  https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
  https://usn.ubuntu.com/4547-1/
  https://usn.ubuntu.com/4587-1/

Common Vulnerability Exposure (CVE) ID: CVE-2018-20020
  https://security.gentoo.org/glsa/202006-06
  https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
  https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html
  https://usn.ubuntu.com/4547-2/

Common Vulnerability Exposure (CVE) ID: CVE-2018-20022
  https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
  https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html

Common Vulnerability Exposure (CVE) ID: CVE-2018-20024
  https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/

Common Vulnerability Exposure (CVE) ID: CVE-2018-20748
  https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae
  https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
  https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
  https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
  https://github.com/LibVNC/libvncserver/issues/273
  https://www.openwall.com/lists/oss-security/2018/12/10/8

Common Vulnerability Exposure (CVE) ID: CVE-2018-20749
  BugTraq ID: 106825
  http://www.securityfocus.com/bid/106825
  https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707

Common Vulnerability Exposure (CVE) ID: CVE-2018-20750
  https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec

Common Vulnerability Exposure (CVE) ID: CVE-2018-6307
  https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/

Copyright: Copyright (C) 2020 Greenbone AG