SB2021052205 - Red Hat Enterprise Linux 8 update for libvncserver 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021052205

SB2021052205 - Red Hat Enterprise Linux 8 update for libvncserver

Published: May 22, 2021

Security Bulletin ID SB2021052205
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Memory leak (CVE-ID: CVE-2018-21247)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due memory leak within the ConnectToRFBRepeater() function in  libvncclient/rfbproto.c. A remote attacker can trick the victim to connect to a malicious VNC server, trigger the memory leak and gain access to sensitive information on the client's system.


2) Buffer overflow (CVE-ID: CVE-2019-20839)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary when processing long socket filename in libvncclient/sockets.c in LibVNCServer. A remote attacker can rick the victim to connect to server using a specially crafted configuration file, trigger buffer overflow and execute arbitrary code on the target system.


3) NULL pointer dereference (CVE-ID: CVE-2020-14397)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libvncserver/rfbregion.c. A remote attacker can perform a denial of service (DoS) attack.


4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2020-14405)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in libvncclient/rfbproto.c due to LibVNCServer does not limit TextChat size.A remote attacker who controls a malicious VNC server can send large amounts of data to the client application and perform a denial of service (DoS) attack.


5) Division by zero (CVE-ID: CVE-2020-25708)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to divide by zero error when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. A remote attacker can pass specially crafted file to the application and crash it.


Remediation

Install update from vendor's website.

References