Debian LTS: DLA-1979-1: italc security update

    Date: 30 Oct 2019
    Category: Debian LTS
    Posted By: LinuxSecurity Advisories
    Package        : italc
    Version        : 1:2.0.2+dfsg1-2+deb8u1
    CVE ID         : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054
                     CVE-2014-6055 CVE-2016-9941 CVE-2016-9942 CVE-2018-6307
                     CVE-2018-7225 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019
                     CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023
                     CVE-2018-20024 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750
                     CVE-2019-15681
    
    
    Several vulnerabilities have been identified in the VNC code of iTALC, a
    classroom management software package. All vulnerabilities referenced
    below were originally reported against the Debian source package
    libvncserver. The italc source package in Debian ships a custom-patched
    version of libvncserver, so libvncserver's security fixes had to be
    ported over.
    
    CVE-2014-6051
    
        Integer overflow in the MallocFrameBuffer function in vncviewer.c in
        LibVNCServer allowed remote VNC servers to cause a denial of service
        (crash) and possibly execute arbitrary code via an advertisement for
        a large screen size, which triggered a heap-based buffer overflow.
    
    CVE-2014-6052
    
        The HandleRFBServerMessage function in libvncclient/rfbproto.c in
        LibVNCServer did not check certain malloc return values, which
        allowed remote VNC servers to cause a denial of service (application
        crash) or possibly execute arbitrary code by specifying a large
        screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3)
        PalmVNCReSizeFrameBuffer message.
    
    CVE-2014-6053
    
        The rfbProcessClientNormalMessage function in
        libvncserver/rfbserver.c in LibVNCServer did not properly handle
        attempts to send a large amount of ClientCutText data, which allowed
        remote attackers to cause a denial of service (memory consumption or
        daemon crash) via a crafted message that was processed by using a
        single unchecked malloc.
    
    CVE-2014-6054
    
        The rfbProcessClientNormalMessage function in
        libvncserver/rfbserver.c in LibVNCServer allowed remote attackers to
        cause a denial of service (divide-by-zero error and server crash) via
        a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or
        (2) SetScale message.
    
    CVE-2014-6055
    
        Multiple stack-based buffer overflows in the File Transfer feature in
        rfbserver.c in LibVNCServer allowed remote authenticated users to
        cause a denial of service (crash) and possibly execute arbitrary code
        via a (1) long file or (2) directory name or the (3) FileTime
        attribute in a rfbFileTransferOffer message.
    
    CVE-2016-9941
    
        Heap-based buffer overflow in rfbproto.c in LibVNCClient in
        LibVNCServer allowed remote servers to cause a denial of service
        (application crash) or possibly execute arbitrary code via a crafted
        FramebufferUpdate message containing a subrectangle outside of the
        client drawing area.
    
    CVE-2016-9942
    
        Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer
        allowed remote servers to cause a denial of service (application
        crash) or possibly execute arbitrary code via a crafted
        FramebufferUpdate message with the Ultra type tile, such that the LZO
        payload decompressed length exceeded what is specified by the tile
        dimensions.
    
    CVE-2018-6307
    
        LibVNC contained a heap use-after-free vulnerability in the server
        code of the file transfer extension that can result in remote code
        execution.
    
    CVE-2018-7225
    
        An issue was discovered in LibVNCServer.
        rfbProcessClientNormalMessage() in rfbserver.c did not sanitize
        msg.cct.length, leading to access to uninitialized and potentially
        sensitive data or possibly unspecified other impact (e.g., an integer
        overflow) via specially crafted VNC packets.
    
    CVE-2018-15126
    
        LibVNC contained a heap use-after-free vulnerability in the server
        code of the file transfer extension that can result in remote code
        execution.
    
    CVE-2018-15127
    
        LibVNC contained a heap out-of-bounds write vulnerability in the
        server code of the file transfer extension that can result in remote
        code execution.
    
    CVE-2018-20749
    
        LibVNC contained a heap out-of-bounds write vulnerability in
        libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
    
    CVE-2018-20750
    
        LibVNC contained a heap out-of-bounds write vulnerability in
        libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
    
    CVE-2018-20019
    
        LibVNC contained multiple heap out-of-bounds write vulnerabilities in
        VNC client code that can result in remote code execution.
    
    CVE-2018-20748
    
        LibVNC contained multiple heap out-of-bounds write vulnerabilities in
        libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
    
    CVE-2018-20020
    
        LibVNC contained a heap out-of-bounds write vulnerability inside a
        structure in VNC client code that can result in remote code
        execution.
    
    CVE-2018-20021
    
        LibVNC contained a CWE-835: Infinite Loop vulnerability in VNC client
        code. The vulnerability allows an attacker to consume an excessive
        amount of resources such as CPU and RAM.
    
    CVE-2018-20022
    
        LibVNC contained multiple CWE-665: Improper Initialization
        weaknesses in VNC client code that allowed attackers to read stack
        memory and could be abused for information disclosure. Combined with
        another vulnerability, it could be used to leak stack memory layout
        and to bypass ASLR.
    
    CVE-2018-20023
    
        LibVNC contained a CWE-665: Improper Initialization vulnerability in
        VNC Repeater client code that allowed an attacker to read stack
        memory and could be abused for information disclosure. Combined with
        another vulnerability, it could be used to leak stack memory layout
        and to bypass ASLR.
    
    CVE-2018-20024
    
        LibVNC contained a null pointer dereference in VNC client code that
        could result in DoS.
    
    CVE-2019-15681
    
        LibVNC contained a memory leak (CWE-655) in VNC server code, which
        allowed an attacker to read stack memory and could be abused for
        information disclosure. Combined with another vulnerability, it could
        be used to leak stack memory and bypass ASLR. This attack appeared to
        be exploitable via network connectivity.
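
An added example, not code from libvncserver, iTALC or this advisory: the input validation whose absence is described under CVE-2014-6051 and CVE-2014-6052 (allocation sized from an advertised screen size), CVE-2016-9941 (rectangle outside the drawing area) and CVE-2014-6054 (zero scale factor). The helper names and the 256 MiB cap are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative helpers, not libvncserver functions. RFB carries width,
 * height, x and y as 16-bit fields and bits-per-pixel/scale as 8-bit. */
#define FB_MAX_BYTES (256u * 1024u * 1024u) /* assumed sanity cap: 256 MiB */

/* Size of a framebuffer for server-advertised dimensions. The product is
 * formed in 64 bits so it cannot wrap, then capped before any malloc. */
bool fb_size(uint16_t w, uint16_t h, uint8_t bits_per_pixel, size_t *out)
{
    uint64_t bytes_pp = bits_per_pixel / 8u;
    if (w == 0 || h == 0 || bytes_pp == 0)
        return false;
    uint64_t bytes = (uint64_t)w * h * bytes_pp;
    if (bytes > FB_MAX_BYTES)
        return false;
    *out = (size_t)bytes;
    return true;
}

/* An update rectangle must lie fully inside the framebuffer. The sums are
 * widened to 32 bits so x + w cannot wrap around 16 bits. */
bool rect_in_fb(uint16_t x, uint16_t y, uint16_t w, uint16_t h,
                uint16_t fb_w, uint16_t fb_h)
{
    return (uint32_t)x + w <= fb_w && (uint32_t)y + h <= fb_h;
}

/* A scale factor of zero is rejected before it is used as a divisor. */
bool scaled_dims(uint16_t w, uint16_t h, uint8_t scale,
                 uint16_t *sw, uint16_t *sh)
{
    if (scale == 0)
        return false;
    *sw = (uint16_t)(w / scale);
    *sh = (uint16_t)(h / scale);
    return true;
}

int main(void)
{
    size_t n = 0; /* constructed sample values below */
    printf("1024x768x32: %s\n", fb_size(1024, 768, 32, &n) ? "accepted" : "rejected");
    printf("65535x65535x32: %s\n", fb_size(65535, 65535, 32, &n) ? "accepted" : "rejected");
    printf("rect past edge: %s\n", rect_in_fb(1000, 700, 25, 68, 1024, 768) ? "accepted" : "rejected");
    return 0;
}
```

The caller still has to check the return value of the allocation made with the computed size, which is the separate defect described under CVE-2014-6052 and CVE-2014-6053.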
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1:2.0.2+dfsg1-2+deb8u1.
    
    We recommend that you upgrade your italc packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    -- 
    
    mike gabriel aka sunweaver (Debian Developer)
    fon: +49 (1520) 1976 148
    
    GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
    http://sunweavers.net
    