LibVNCServer CVE-2018-20748 Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
BID:106823
Info
LibVNCServer CVE-2018-20748 Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
| Bugtraq ID: | 106823 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2018-20748 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 10 2018 12:00AM |
| Updated: | Dec 10 2018 12:00AM |
| Credit: | Solar Designer |
| Vulnerable: |
Ubuntu Ubuntu Linux 18.10 Ubuntu Ubuntu Linux 18.04 LTS Ubuntu Ubuntu Linux 16.04 LTS Ubuntu Ubuntu Linux 14.04 LTS Redhat Enterprise Linux 7 Redhat Enterprise Linux 6 LibVNCServer LibVNCServer 0.9.11 LibVNCServer LibVNCServer 0.9.10 LibVNCServer LibVNCServer 0.9.9 LibVNCServer LibVNCServer 0.9.8 |
| Not Vulnerable: |
LibVNCServer LibVNCServer 0.9.12 |
Discussion
LibVNCServer CVE-2018-20748 Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
LibVNCServer is prone to a local heap-based buffer-overflow vulnerability.
Attackers can exploit these issues to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition.
Note: This issue is the result of an incomplete fix for issue CVE-2018-20019 described in 106821 (LibVNCServer CVE-2018-20019 Multiple Heap Buffer Overflow Vulnerabilities).
LibVNCServer is prone to a local heap-based buffer-overflow vulnerability.
Attackers can exploit these issues to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition.
Note: This issue is the result of an incomplete fix for issue CVE-2018-20019 described in 106821 (LibVNCServer CVE-2018-20019 Multiple Heap Buffer Overflow Vulnerabilities).
Exploit / POC
LibVNCServer CVE-2018-20748 Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
LibVNCServer CVE-2018-20748 Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
LibVNCServer CVE-2018-20748 Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
References:
References:
- LibVNCServer Homepage (Libvnc)
- LibVNCClient: fail on server-sent desktop name lengths longer than 1MB ()
- LibVNCClient: ignore server-sent cut text longer than 1MB ()
- LibVNCClient: ignore server-sent reason strings longer than 1MB ()
- LibVNCClient: remove now-useless cast ()
- SECURITY: malloc((uint64_t)length + 1) is unsafe, especially on 32-bit systems ()
- USN-3877-1: LibVNCServer vulnerabilities ()
- [SECURITY] [DLA 1652-1] libvncserver security update ()
- libvnc and tightvnc vulnerabilities ()