Bug 659560 (CVE-2018-7225, CVE-2018-7226) - <net-libs/libvncserver-0.9.12: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-7225, CVE-2018-7226
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/LibVNC/libvncserve...
Whiteboard: B2 [glsa+ cve]
Reported: 2018-06-29 04:04 UTC by D'juan McDonald (domhnall)
Modified: 2019-08-09 20:46 UTC

Description D'juan McDonald (domhnall) 2018-06-29 04:04:22 UTC
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

References:
http://www.openwall.com/lists/oss-security/2018/02/18/1
https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee


Gentoo Security Padawan
domhnall
Comment 1 D'juan McDonald (domhnall) 2018-06-29 04:34:55 UTC
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet.


Reference:
https://github.com/LibVNC/vncterm/issues/6
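
Both reports above (the description and Comment 1) come down to a client-supplied 32-bit length in a VNC cut-text message being used without a bound. The following is an added example of a bounded ClientCutText parser, not code from LibVNCServer or vncterm and not the upstream patch. The function names, status codes, the 1 MiB cap and the sample messages are assumptions made for illustration; the wire layout is the ClientCutText message of RFC 6143.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CUT_TEXT (1u << 20) /* assumed policy cap (1 MiB), not a protocol limit */
enum cut_status { CUT_OK = 0, CUT_MALFORMED = -1, CUT_TOO_LONG = -2,
                  CUT_TRUNCATED = -3, CUT_NOMEM = -4 }; /* hypothetical names */

/* ClientCutText (RFC 6143, 7.5.6): type(1)=6, padding(3), length(4, big-endian),
 * text(length). On CUT_OK, *out is a NUL-terminated copy the caller must free. */
static int parse_cut_text(const uint8_t *buf, size_t buflen, char **out, uint32_t *outlen)
{
    *out = NULL; *outlen = 0;
    if (buflen < 8 || buf[0] != 6) return CUT_MALFORMED;
    uint32_t len = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                   ((uint32_t)buf[6] << 8) | (uint32_t)buf[7];
    if (len > MAX_CUT_TEXT)   /* bound the client-chosen value before any arithmetic */
        return CUT_TOO_LONG;
    if (buflen - 8 < len)     /* never treat bytes that did not arrive as text */
        return CUT_TRUNCATED;
    char *text = calloc((size_t)len + 1, 1); /* zero-filled; +1 cannot wrap after the cap */
    if (text == NULL) return CUT_NOMEM;
    memcpy(text, buf + 8, len);
    *out = text; *outlen = len;
    return CUT_OK;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_OK[]    = { 6, 0, 0, 0, 0, 0, 0, 2, 'h', 'i' };
static const uint8_t MSG_HUGE[]  = { 6, 0, 0, 0, 0xff, 0xff, 0xff, 0xff };
static const uint8_t MSG_SHORT[] = { 6, 0, 0, 0, 0, 0, 0, 9, 'h', 'i' };

/* Parse a sample and return only the status, releasing any copy made. */
static int status_of(const uint8_t *msg, size_t n)
{
    char *text; uint32_t len;
    int rc = parse_cut_text(msg, n, &text, &len);
    free(text);
    return rc;
}

int main(void)
{
    printf("ok=%d huge=%d short=%d\n", status_of(MSG_OK, sizeof MSG_OK),
           status_of(MSG_HUGE, sizeof MSG_HUGE), status_of(MSG_SHORT, sizeof MSG_SHORT));
    return 0;
}
```

The zero-filled allocation and the truncation check together mean a short read can never expose stale heap contents as clipboard text.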
Comment 2 Larry the Git Cow gentoo-dev 2019-01-17 21:21:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fbd9dd57d76b333b4c75791b1590f5ee09119f1

commit 4fbd9dd57d76b333b4c75791b1590f5ee09119f1
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2019-01-15 21:40:20 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2019-01-17 21:21:30 +0000

    net-libs/libvncserver: Version bump, security bug #659560 and #673508
    
    Bug: https://bugs.gentoo.org/659560
    Bug: https://bugs.gentoo.org/673508
    Closes: https://bugs.gentoo.org/435326
    Closes: https://bugs.gentoo.org/675046
    Signed-off-by: Sven Wegener <swegener@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/libvncserver/Manifest                     |  1 +
 .../files/libvncserver-0.9.12-cmake-libdir.patch   | 22 +++++++
 net-libs/libvncserver/libvncserver-0.9.12.ebuild   | 72 ++++++++++++++++++++++
 3 files changed, 95 insertions(+)
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 19:09:03 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Comment 4 Alexander Tsoy 2019-07-28 22:02:05 UTC
Cleanup done in 61a66db5451e859c3cc01853ba5a5737c2157147
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2019-08-09 20:46:01 UTC
This issue was resolved and addressed in
 GLSA 201908-05 at https://security.gentoo.org/glsa/201908-05
by GLSA coordinator Aaron Bauman (b-man).