Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS Advisory ([SECURITY] [DLA 2045-1] tightvnc security update)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'tightvnc' package(s) announced via the DSA-2045-1 advisory.
Insight
Insight
Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC server/viewer application for Windows and Unix. CVE-2014-6053 The rfbProcessClientNormalMessage function in rfbserver.c in TightVNC server did not properly handle attempts to send a large amount of ClientCutText data, which allowed remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that was processed by using a single unchecked malloc. CVE-2018-7225 rfbProcessClientNormalMessage() in rfbserver.c did not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. CVE-2019-8287 TightVNC code contained global buffer overflow in HandleCoRREBBP macro function, which could potentially have result in code execution. This attack appeared to be exploitable via network connectivity. (aka CVE-2018-20020/libvncserver) CVE-2018-20021 TightVNC in vncviewer/rfbproto.c contained a CWE-835: Infinite loop vulnerability. The vulnerability allowed an attacker to consume an excessive amount of resources like CPU and RAM. CVE-2018-20022 TightVNC's vncviewer contained multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allowed attackers to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to leak stack memory layout and in bypassing ASLR. CVE-2019-15678 TightVNC code version contained heap buffer overflow in rfbServerCutText handler, which could have potentially resulted in code execution. This attack appeared to be exploitable via network connectivity. (partially aka CVE-2018-20748/libvnvserver) CVE-2019-15679 TightVNC's vncviewer code contained a heap buffer overflow in InitialiseRFBConnection function, which could have potentially resulted in code execution. This attack appeared to be exploitable via network connectivity. (partially aka CVE-2018-20748/libvnvserver) CVE-2019-15680 TightVNC's vncviewer code contained a null pointer dereference in HandleZlibBPP function, which could have resulted in Denial of System (DoS). This attack appeared to be exploitable via network connectivity. CVE-2019-15681 TightVNC contained a memory leak (CWE-655) in VNC server code, which allowed an attacker to read stack memory and could have been abused for information disclosure. Combined with another vulnerability, it could have been used to leak stack memory and bypass ASLR. This attack appeared to be exploitable via network connectivity.
Affected Software
Affected Software
'tightvnc' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 8 'Jessie', these problems have been fixed in version 1.3.9-6.5+deb8u1. We recommend that you upgrade your tightvnc packages.