BID:106820

LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability

Info

LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability

Bugtraq ID:	106820
Class:	Design Error
CVE:	CVE-2018-15127
Remote:	Yes
Local:	No
Published:	Dec 19 2018 12:00AM
Updated:	Dec 19 2018 12:00AM
Credit:	Pavel Cheremushkin
Vulnerable:	Ubuntu Ubuntu Linux 18.10 Ubuntu Ubuntu Linux 18.04 LTS Ubuntu Ubuntu Linux 16.04 LTS Ubuntu Ubuntu Linux 14.04 LTS Redhat Enterprise Linux Workstation 7 Redhat Enterprise Linux Server TUS 7.6 Redhat Enterprise Linux Server AUS 7.6 Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.6 Redhat Enterprise Linux Server - Extended Update Support 7.6 Redhat Enterprise Linux Server 7 Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.6 Redhat Enterprise Linux for Power, little endian 7 Redhat Enterprise Linux for Power 9 7 Redhat Enterprise Linux for ARM 64 7 Redhat Enterprise Linux Desktop 7 LibVNCServer LibVNCServer 0.9.11 LibVNCServer LibVNCServer 0.9.10 LibVNCServer LibVNCServer 0.9.9 LibVNCServer LibVNCServer 0.9.8

Not Vulnerable:	LibVNCServer LibVNCServer 0.9.12

Discussion

LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability

LibVNCServer is prone to a heap-based buffer overflow vulnerability.

Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition.

Versions prior to LibVNCServer 0.9.12 are vulnerable.

Exploit / POC

LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability

References: