LibVNCServer Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
BID:106825
CVE-2018-20749 | CVE-2018-20750 |Info
LibVNCServer Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
| Bugtraq ID: | 106825 |
| Class: | Design Error |
| CVE: |
CVE-2018-20749 CVE-2018-20750 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 31 2019 12:00AM |
| Updated: | Jan 31 2019 12:00AM |
| Credit: | Solar Designer |
| Vulnerable: |
Ubuntu Ubuntu Linux 18.10 Ubuntu Ubuntu Linux 18.04 LTS Ubuntu Ubuntu Linux 16.04 LTS Ubuntu Ubuntu Linux 14.04 LTS Redhat Enterprise Linux Workstation 7 Redhat Enterprise Linux Server TUS 7.6 Redhat Enterprise Linux Server AUS 7.6 Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.6 Redhat Enterprise Linux Server - Extended Update Support 7.6 Redhat Enterprise Linux Server 7 Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.6 Redhat Enterprise Linux for Power, little endian 7 Redhat Enterprise Linux for Power 9 7 Redhat Enterprise Linux for ARM 64 7 Redhat Enterprise Linux Desktop 7 LibVNCServer LibVNCServer 0.9.11 LibVNCServer LibVNCServer 0.9.10 LibVNCServer LibVNCServer 0.9.9 LibVNCServer LibVNCServer 0.9.8 |
| Not Vulnerable: |
LibVNCServer LibVNCServer 0.9.12 |
Discussion
LibVNCServer Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition.
Versions prior to LibVNCServer 0.9.12 are vulnerable.
Note: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability).
LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition.
Versions prior to LibVNCServer 0.9.12 are vulnerable.
Note: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability).
Exploit / POC
LibVNCServer Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
LibVNCServer Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
LibVNCServer Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities
References:
References:
- LibVNCServer Homepage (Libvnc)
- Error out in rfbProcessFileTransferReadBuffer if length can not be al�?� ()
- Limit lenght to INT_MAX bytes in rfbProcessFileTransferReadBuffer() ()
- USN-3877-1: LibVNCServer vulnerabilities ()
- [SECURITY] [DLA 1652-1] libvncserver security update ()
- CVE-2018-20749 ()
- CVE-2018-20750 ()
- libvnc and tightvnc vulnerabilities ()
- SECURITY: malloc((uint64_t)length + 1) is unsafe, especially on 32-bit systems ()