Sid 1-52397

Message

SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt

Summary

This event is generated when a heap overflow exploit attempt against LibVNCServer is detected.

Impact

Remote code execution

Detailed information

The rule looks for a value that could cause a heap overflow to occur when using file transfer extensions for VNC.

Affected systems

Ease of attack

Simple

False positives

None known

False negatives

None known

Corrective action

Isolate the affected system and determine if it has been compromised. Remediate it in accordance with your organization's incident response policy if it has. Afterward, identify the application utilizing a vulnerable version of LibVNCServer and apply the latest stable patch for that application.

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2018-15127
  • lists.debian.org/debian-lts-announce/2018/12/msg00017.html