Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2146.NASLHistoryMar 18, 2020 - 12:00 a.m.
Debian DLA-2146-1 : libvncserver security update
2020-03-1800:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
AI Score
9.2
Confidence
High
In libvncserver, through libvncclient/cursor.c, there is a possibility of a heap overflow, as reported by Pavel Cheremushkin.
For Debian 8 ‘Jessie’, this problem has been fixed in version 0.9.9+dfsg2-6.1+deb8u7.
We recommend that you upgrade your libvncserver packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2146-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(134633);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/21");
script_cve_id("CVE-2019-15690");
script_xref(name:"IAVA", value:"2020-A-0381");
script_name(english:"Debian DLA-2146-1 : libvncserver security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
script_set_attribute(attribute:"description", value:
"In libvncserver, through libvncclient/cursor.c, there is a possibility
of a heap overflow, as reported by Pavel Cheremushkin.
For Debian 8 'Jessie', this problem has been fixed in version
0.9.9+dfsg2-6.1+deb8u7.
We recommend that you upgrade your libvncserver packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/03/msg00019.html");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/libvncserver");
script_set_attribute(attribute:"solution", value:
"Upgrade the affected packages.");
script_set_attribute(attribute:"risk_factor", value:"High");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvncclient0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvncclient0-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvncserver-config");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvncserver-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvncserver0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvncserver0-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linuxvnc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"8.0", prefix:"libvncclient0", reference:"0.9.9+dfsg2-6.1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libvncclient0-dbg", reference:"0.9.9+dfsg2-6.1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libvncserver-config", reference:"0.9.9+dfsg2-6.1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libvncserver-dev", reference:"0.9.9+dfsg2-6.1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libvncserver0", reference:"0.9.9+dfsg2-6.1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libvncserver0-dbg", reference:"0.9.9+dfsg2-6.1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"linuxvnc", reference:"0.9.9+dfsg2-6.1+deb8u7")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | libvncclient0 | p-cpe:/a:debian:debian_linux:libvncclient0 |
| debian | debian_linux | libvncclient0-dbg | p-cpe:/a:debian:debian_linux:libvncclient0-dbg |
| debian | debian_linux | libvncserver-config | p-cpe:/a:debian:debian_linux:libvncserver-config |
| debian | debian_linux | libvncserver-dev | p-cpe:/a:debian:debian_linux:libvncserver-dev |
| debian | debian_linux | libvncserver0 | p-cpe:/a:debian:debian_linux:libvncserver0 |
| debian | debian_linux | libvncserver0-dbg | p-cpe:/a:debian:debian_linux:libvncserver0-dbg |
| debian | debian_linux | linuxvnc | p-cpe:/a:debian:debian_linux:linuxvnc |
| debian | debian_linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
Related
nessus
nessus
Amazon Linux 2 : libvncserver (ALAS-2020-1411)
2020-04-24 00:00:00
Scientific Linux Security Update : libvncserver on SL7.x x86_64 (20200323)
2020-03-24 00:00:00
Oracle Linux 7 : libvncserver (ELSA-2020-0913)
2020-03-26 00:00:00
oraclelinux
oraclelinux
libvncserver security update
2020-03-23 00:00:00
libvncserver security update
2020-03-26 00:00:00
GNOME security, bug fix, and enhancement update
2020-05-05 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0164)
2022-01-28 00:00:00
CentOS: Security Advisory for libvncserver (CESA-2020:0913)
2020-03-26 00:00:00
Huawei EulerOS: Security Advisory for libvncserver (EulerOS-SA-2020-1925)
2020-09-04 00:00:00
ubuntucve
ubuntucve
CVE-2019-15690
2019-12-31 00:00:00
CVE-2019-20788
2020-04-23 00:00:00
debian
debian
[SECURITY] [DLA 2146-1] libvncserver security update
2020-03-17 19:43:31
amazon
amazon
Important: libvncserver
2020-04-20 20:47:00
cve
cve
CVE-2019-15690
2022-02-25 11:31:58
CVE-2019-20788
2020-04-23 19:15:12
debiancve
debiancve
CVE-2019-15690
2022-02-25 11:31:58
CVE-2019-20788
2020-04-23 19:15:12
redhatcve
redhatcve
CVE-2019-15690
2020-03-10 10:10:54
CVE-2019-20788
2020-04-30 14:10:03
mageia
mageia
Updated libvncserver packages fix security vulnerability
2020-04-15 13:12:14
prion
prion
Integer overflow
2020-04-23 19:15:00
centos
centos
libvncserver security update
2020-03-25 19:16:12
osv
osv
libvncserver - security update
2020-03-18 00:00:00
CVE-2019-20788
2020-04-23 19:15:00
redhat
redhat
(RHSA-2020:0913) Important: libvncserver security update
2020-03-23 07:28:10
(RHSA-2020:0920) Important: libvncserver security update
2020-03-23 08:01:21
(RHSA-2020:0921) Important: libvncserver security update
2020-03-23 08:01:22
nvd
nvd
CVE-2019-20788
2020-04-23 19:15:12
alpinelinux
alpinelinux
CVE-2019-20788
2020-04-23 19:15:00
cvelist
cvelist
CVE-2019-20788
2020-04-23 18:06:55
suse
suse
Security update for LibVNCServer (important)
2020-05-11 00:00:00
ubuntu
ubuntu
LibVNCServer vulnerabilities
2020-07-01 00:00:00
ics
ics
Siemens SIMATIC ITC
2021-12-16 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1900
2021-07-02 17:22:34