Bug 1120119 - (CVE-2018-20023) VUL-0: CVE-2018-20023: LibVNCServer: Improper initialization in VNC Repeater client code allows for information disclosure
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/221464/
CVSSv3:RedHat:CVE-2018-20023:4.3:(AV:...
Reported: 2018-12-20 17:56 UTC by Alexander Bergmann
Modified: 2019-04-29 10:16 UTC (History)
Found By: Security Response Team


Description Alexander Bergmann 2018-12-20 17:56:05 UTC
rh#1661128 / CVE-2018-20023

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains a CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and to bypass ASLR.

External Reference:
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/

Upstream Patch:
https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1661128
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20023
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20023.html
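
The CWE-665 pattern named in the description, as an added illustration that is not LibVNCServer code and not part of the original report: a fixed-size buffer is only partly written with a string, then treated as a full-length wire field, so the unwritten tail carries whatever the memory held before. The function names, the 250-byte field size, the host string and the 0xAA fill (a constructed stand-in for leftover stack contents) are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define REQ_LEN 250  /* assumed fixed-size request field (constructed) */

/* Vulnerable pattern: only the string and its NUL are written;
 * bytes after the terminator keep their previous contents. */
static void build_request_unsafe(char *req, const char *host, int port) {
    snprintf(req, REQ_LEN, "%s:%d", host, port);
}

/* Hardened pattern: clear the whole field before formatting into it. */
static void build_request_safe(char *req, const char *host, int port) {
    memset(req, 0, REQ_LEN);
    snprintf(req, REQ_LEN, "%s:%d", host, port);
}

/* Count non-zero bytes after the terminator, i.e. stale bytes that
 * would be disclosed if all REQ_LEN bytes were written to the peer. */
static size_t leaked_bytes(const char *req) {
    const char *nul = memchr(req, 0, REQ_LEN);
    size_t start = nul ? (size_t)(nul - req) : REQ_LEN;
    size_t leaked = 0;
    for (size_t i = start; i < REQ_LEN; i++)
        if (req[i] != 0)
            leaked++;
    return leaked;
}

/* Pre-fill the buffer with a marker so the residue is deterministic,
 * then build the request with the chosen variant and measure the tail. */
static size_t demo(int hardened) {
    char req[REQ_LEN];
    memset(req, 0xAA, sizeof req);  /* constructed stand-in for old stack data */
    if (hardened)
        build_request_safe(req, "10.0.0.5", 5900);
    else
        build_request_unsafe(req, "10.0.0.5", 5900);
    return leaked_bytes(req);
}

int main(void) {
    printf("unsafe: %zu stale bytes, safe: %zu stale bytes\n",
           demo(0), demo(1));
    return 0;
}
```

The same measurement works as a regression check: any non-zero count on a fixed-length field means the sender is disclosing memory it never meant to serialize.
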
Comment 1 Alexander Bergmann 2018-12-20 17:58:15 UTC
openSUSE x11vnc is also affected.
Comment 2 Petr Gajdos 2019-01-03 15:47:39 UTC
12,15/LibVNCServer affected, 11/LibVNCServer not affected (no ConnectToRFBRepeater() code).
Comment 3 Petr Gajdos 2019-01-03 16:36:57 UTC
Submitted also to devel project as 0.9.12 is not out yet (sr#662702).

I believe all fixed.
Comment 5 Swamp Workflow Management 2019-01-10 20:10:35 UTC
SUSE-SU-2019:0060-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1120114,1120115,1120116,1120117,1120118,1120119,1120120,1120121,1120122
CVE References: CVE-2018-15126,CVE-2018-15127,CVE-2018-20019,CVE-2018-20020,CVE-2018-20021,CVE-2018-20022,CVE-2018-20023,CVE-2018-20024,CVE-2018-6307
Sources used:
SUSE OpenStack Cloud 7 (src):    LibVNCServer-0.9.9-17.8.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    LibVNCServer-0.9.9-17.8.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    LibVNCServer-0.9.9-17.8.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    LibVNCServer-0.9.9-17.8.1
SUSE Linux Enterprise Server 12-SP4 (src):    LibVNCServer-0.9.9-17.8.1
SUSE Linux Enterprise Server 12-SP3 (src):    LibVNCServer-0.9.9-17.8.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    LibVNCServer-0.9.9-17.8.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    LibVNCServer-0.9.9-17.8.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    LibVNCServer-0.9.9-17.8.1
SUSE Linux Enterprise Server 12-LTSS (src):    LibVNCServer-0.9.9-17.8.1
SUSE Enterprise Storage 4 (src):    LibVNCServer-0.9.9-17.8.1
Comment 6 Swamp Workflow Management 2019-01-11 14:50:25 UTC
This is an autogenerated message for OBS integration:
This bug (1120119) was mentioned in
https://build.opensuse.org/request/show/664669 Factory / LibVNCServer
Comment 7 Swamp Workflow Management 2019-01-11 20:12:10 UTC
SUSE-SU-2019:0080-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1120114,1120115,1120116,1120117,1120118,1120119,1120120,1120121,1120122
CVE References: CVE-2018-15126,CVE-2018-15127,CVE-2018-20019,CVE-2018-20020,CVE-2018-20021,CVE-2018-20022,CVE-2018-20023,CVE-2018-20024,CVE-2018-6307
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    LibVNCServer-0.9.10-4.3.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    LibVNCServer-0.9.10-4.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    LibVNCServer-0.9.10-4.3.1
Comment 8 Swamp Workflow Management 2019-01-12 02:16:15 UTC
openSUSE-SU-2019:0045-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1120114,1120115,1120116,1120117,1120118,1120119,1120120,1120121,1120122
CVE References: CVE-2018-15126,CVE-2018-15127,CVE-2018-20019,CVE-2018-20020,CVE-2018-20021,CVE-2018-20022,CVE-2018-20023,CVE-2018-20024,CVE-2018-6307
Sources used:
openSUSE Leap 42.3 (src):    LibVNCServer-0.9.9-16.6.1
Comment 9 Swamp Workflow Management 2019-01-17 23:10:31 UTC
openSUSE-SU-2019:0053-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1120114,1120115,1120116,1120117,1120118,1120119,1120120,1120121,1120122
CVE References: CVE-2018-15126,CVE-2018-15127,CVE-2018-20019,CVE-2018-20020,CVE-2018-20021,CVE-2018-20022,CVE-2018-20023,CVE-2018-20024,CVE-2018-6307
Sources used:
openSUSE Leap 15.0 (src):    LibVNCServer-0.9.10-lp150.3.3.1
Comment 10 Marcus Meissner 2019-01-29 07:41:11 UTC
released
Comment 11 Swamp Workflow Management 2019-04-29 10:16:21 UTC
SUSE-SU-2019:0060-2: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1120114,1120115,1120116,1120117,1120118,1120119,1120120,1120121,1120122
CVE References: CVE-2018-15126,CVE-2018-15127,CVE-2018-20019,CVE-2018-20020,CVE-2018-20021,CVE-2018-20022,CVE-2018-20023,CVE-2018-20024,CVE-2018-6307
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    LibVNCServer-0.9.9-17.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.