CVE-2018-15126
published 2018-12-19CVE-2018-15126: LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can…
PriorityP358critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
11.81%
95.6th percentile
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libvncserver | < libvncserver 0.9.11+dfsg-1.2 (bookworm) | libvncserver 0.9.11+dfsg-1.2 (bookworm) |
| libvnc_project | libvncserver | < 0.9.12 | 0.9.12 |
| libvncserver_project | libvncserver | >= 0 < 0.9.11+dfsg-1.2 | 0.9.11+dfsg-1.2 |
| libvncserver_project | libvncserver | >= 0 < 0.9.11+dfsg-1.2 | 0.9.11+dfsg-1.2 |
| libvncserver_project | libvncserver | >= 0 < 0.9.11+dfsg-1.2 | 0.9.11+dfsg-1.2 |
| libvncserver_project | libvncserver | >= 0 < 0.9.11+dfsg-1.2 | 0.9.11+dfsg-1.2 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
LibVNCServer vulnerabilities
vendor_ubuntu·2019-01-31
CVE-2018-15126 LibVNCServer vulnerabilities
Title: LibVNCServer vulnerabilities
Summary: Several security issues were fixed in LibVNCServer.
It was discovered that LibVNCServer incorrectly handled certain operations.
A remote attacker able to connect to applications using LibVNCServer could
possibly use this issue to obtain sensitive information, cause a denial of
service, or execute arbitrary code.
Instructions: After a standard system update you need to restart LibVNCServer
applications to make all the necessary changes.
Red Hat
libvncserver: Use-after-free in file transfer extension allows for potential code execution
vendor_redhat·2018-12-19·CVSS 9.8
CVE-2018-15126 [CRITICAL] CWE-416 libvncserver: Use-after-free in file transfer extension allows for potential code execution
libvncserver: Use-after-free in file transfer extension allows for potential code execution
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
Statement: This issue did not affect the versions of libvncserver as shipped with Red Hat Enterprise Linux 6 and 7, as they did not include support for tightvnc file transfer.
Package: libvncserver (Red Hat Enterprise Linux 6) - Not affected
Package: libvncserver (Red Hat Enterprise Linux 7) - Not affected
Package: libvncserver (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-15126: libvncserver - LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-...
vendor_debian·2018·CVSS 9.8
CVE-2018-15126 [CRITICAL] CVE-2018-15126: libvncserver - LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-...
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
Scope: local
bookworm: resolved (fixed in 0.9.11+dfsg-1.2)
bullseye: resolved (fixed in 0.9.11+dfsg-1.2)
forky: resolved (fixed in 0.9.11+dfsg-1.2)
sid: resolved (fixed in 0.9.11+dfsg-1.2)
trixie: resolved (fixed in 0.9.11+dfsg-1.2)
GHSA
GHSA-792h-432f-5q3w: LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension tha
ghsa_unreviewed·2022-05-13
CVE-2018-15126 [CRITICAL] CWE-416 GHSA-792h-432f-5q3w: LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension tha
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
OSV
CVE-2018-15126: LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension tha
osv·2018-12-19·CVSS 9.8
CVE-2018-15126 [CRITICAL] CVE-2018-15126: LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension tha
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
No detection rules found.
No public exploits indexed.
arXiv
Cyber Situation Awareness Monitoring and Proactive Response for Enterprises on the Cloud
arxiv_fulltext·2020-09-03
Cyber Situation Awareness Monitoring and Proactive Response for Enterprises on the Cloud
Cyber Situation Awareness Monitoring and Proactive Response for Enterprises on the Cloud
Hootan Alavizadeh1, Hooman Alavizadeh2 and Julian Jang-Jaccard2
1 Computer Engineering Department,
Imam Reza International University, Mashhah, Iran.
Email: [email protected]
2 School of Natural and Computational Sciences,
Massey University, Auckland, New Zealand.
Email: \h.alavizadeh,J.Jang-jaccard\@massey.ac.nz
## Abstract
The cloud model allows many enterprises able to outsource computing resources at an affordable price without having to commit the expense upfront. Although the cloud providers are responsible for the security of the cloud, there are still many security concerns due to inherently complex model the cloud providers operate on (e.g.,multi-tenancy). In addition, the ente
Bugzilla
CVE-2018-15126 libvncserver: Use-after-free in file transfer extension allows for potential code execution [fedora-all]
bugzilla·2018-12-20·CVSS 9.8
CVE-2018-15126 [CRITICAL] CVE-2018-15126 libvncserver: Use-after-free in file transfer extension allows for potential code execution [fedora-all]
CVE-2018-15126 libvncserver: Use-after-free in file transfer extension allows for potential code execution [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this
Bugzilla
CVE-2018-15126 libvncserver: Use-after-free in file transfer extension allows for potential code execution
bugzilla·2018-12-20·CVSS 9.8
CVE-2018-15126 [CRITICAL] CVE-2018-15126 libvncserver: Use-after-free in file transfer extension allows for potential code execution
CVE-2018-15126 libvncserver: Use-after-free in file transfer extension allows for potential code execution
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains a heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in 73cb96fec028a576a5a24417b57723b55854ad7b and later.
External Reference:
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/
Upstream Patch:
https://github.com/LibVNC/libvncserver/commit/73cb96fec028a576a5a24417b57723b55854ad7b
Discussion:
Created libvncserver tracking bugs for this issue:
Affects: epel-7 [bug 1661112]
Bugzilla
CVE-2018-15126 libvncserver: Use-after-free in file transfer extension allows for potential code execution [epel-7]
bugzilla·2018-12-20·CVSS 9.8
CVE-2018-15126 [CRITICAL] CVE-2018-15126 libvncserver: Use-after-free in file transfer extension allows for potential code execution [epel-7]
CVE-2018-15126 libvncserver: Use-after-free in file transfer extension allows for potential code execution [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use t
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/https://lists.debian.org/debian-lts-announce/2019/01/msg00029.htmlhttps://lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlhttps://usn.ubuntu.com/3877-1/https://www.debian.org/security/2019/dsa-4383https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/https://lists.debian.org/debian-lts-announce/2019/01/msg00029.htmlhttps://lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlhttps://usn.ubuntu.com/3877-1/https://www.debian.org/security/2019/dsa-4383
2018-12-19
Published