Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202006-15
HistoryJun 28, 2020 - 12:00 a.m.

[ASA-202006-15] freerdp: multiple issues

2020-06-2800:00:00
security.archlinux.org
8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.008 Low

EPSS

Percentile

81.1%

JSON

Arch Linux Security Advisory ASA-202006-15

Severity: High
Date : 2020-06-28
CVE-ID : CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033
CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098
CVE-2020-11099
Package : freerdp
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1193

Summary

The package freerdp before version 2:2.1.2-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.

Resolution

Upgrade to 2:2.1.2-1.

pacman -Syu “freerdp>=2:2.1.2-1”

The problems have been fixed upstream in version 2.1.2.

Workaround

None.

Description

  • CVE-2020-4030 (information disclosure)

An out-of-bounds read has been found in FreeRDP before 2.1.2, where
logging might bypass string length checks due to an integer overflow.

  • CVE-2020-4031 (arbitrary code execution)

A use-after-free vulnerability has been found in FreeRDP before 2.1.2,
in gdi_SelectObject(). Clients using compatibility mode enabled with
/relax-order-checks are affected.

  • CVE-2020-4032 (information disclosure)

An integer casting vulnerability leading to an out-of-bounds read has
been found in FreeRDP before 2.1.2, in update_recv_secondary_order(),
on clients with +glyph-cache or /relax-order-checks options enabled.

  • CVE-2020-4033 (information disclosure)

An out-of-bounds read of up to 4 bytes has been found in FreeRDP before
2.1.2, affecting all FreeRDP based clients with sessions with color
depth < 32.

  • CVE-2020-11095 (information disclosure)

A global out-of-bounds read has been found in FreeRDP before 2.1.2, in
update_recv_primary_order.

  • CVE-2020-11096 (information disclosure)

An out-of-bounds read has been found in FreeRDP before 2.1.2, in
update_read_cache_bitmap_v3_order().

  • CVE-2020-11097 (information disclosure)

An out-of-bounds read has been found in FreeRDP before 2.1.2, in
ntlm_av_pair_get().

  • CVE-2020-11098 (information disclosure)

An out-of-bounds read has been found in FreeRDP before 2.1.2, in
glyph_cache_put. This issue only exists when glyph-cache is enabled,
which is not the case by default.

  • CVE-2020-11099 (information disclosure)

An out-of-bounds read has been found in FreeRDP before 2.1.2, in
license_read_new_or_upgrade_license_packet().

Impact

A remote attacker might be able to access sensitive information or
crash the application via a crafted RDP session. A malicious server, or
an attacker in position of man-in-the-middle might be able to execute
arbitrary code on the affected host.

References

http://www.freerdp.com/2020/06/22/2_1_2-released
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
https://github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
https://github.com/FreeRDP/FreeRDP/commit/0a98c450c58ec150e44781c89aa6f8e7e0f571f5
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
https://github.com/FreeRDP/FreeRDP/commit/733ee3208306b1ea32697b356c0215180fc3f049
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
https://github.com/FreeRDP/FreeRDP/commit/58a3122250d54de3a944c487776bcd4d1da4721e
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
https://github.com/FreeRDP/FreeRDP/commit/c0fd449ec0870b050d350d6d844b1ea6dad4bc7d
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a
https://security.archlinux.org/CVE-2020-4030
https://security.archlinux.org/CVE-2020-4031
https://security.archlinux.org/CVE-2020-4032
https://security.archlinux.org/CVE-2020-4033
https://security.archlinux.org/CVE-2020-11095
https://security.archlinux.org/CVE-2020-11096
https://security.archlinux.org/CVE-2020-11097
https://security.archlinux.org/CVE-2020-11098
https://security.archlinux.org/CVE-2020-11099

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyfreerdp< 2:2.1.2-1UNKNOWN

References

Related

altlinux 1
openvas 17
fedora 2
ubuntu 1
nessus 20
rocky 1
oraclelinux 1
redhat 1
almalinux 1
osv 12
suse 1
alpinelinux 9
veracode 9
debiancve 9
prion 9
cve 9
ubuntucve 9
redhatcve 9
mageia 1
debian 1
altlinux
altlinux
Security fix for the ALT Linux 9 package freerdp version 2.1.2-alt1
2020-06-25 00:00:00
openvas
openvas
FreeRDP < 2.1.2 Multiple Vulnerabilities
2021-03-17 00:00:00
Fedora: Security Advisory for freerdp (FEDORA-2020-a3432485db)
2020-08-02 00:00:00
Fedora: Security Advisory for freerdp (FEDORA-2020-8d5f86e29a)
2020-07-31 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: freerdp-2.2.0-1.fc32
2020-07-30 17:54:06
[SECURITY] Fedora 31 Update: freerdp-2.2.0-1.fc31
2020-08-01 01:18:39
ubuntu
ubuntu
FreeRDP vulnerabilities
2020-09-01 00:00:00
nessus
nessus
Fedora 32 : 2:freerdp (2020-8d5f86e29a)
2020-07-30 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : FreeRDP vulnerabilities (USN-4481-1)
2020-09-02 00:00:00
Fedora 31 : 2:freerdp (2020-a3432485db)
2020-08-03 00:00:00
rocky
rocky
freerdp security, bug fix, and enhancement update
2021-05-18 06:14:36
oraclelinux
oraclelinux
freerdp security, bug fix, and enhancement update
2021-05-25 00:00:00
redhat
redhat
(RHSA-2021:1849) Moderate: freerdp security, bug fix, and enhancement update
2021-05-18 06:14:36
almalinux
almalinux
Moderate: freerdp security, bug fix, and enhancement update
2021-05-18 06:14:36
osv
osv
Moderate: freerdp security, bug fix, and enhancement update
2021-05-18 06:14:36
Moderate: freerdp security, bug fix, and enhancement update
2021-05-18 06:14:36
CVE-2020-11095
2020-06-22 22:15:11
suse
suse
Security update for freerdp (important)
2020-07-26 00:00:00
alpinelinux
alpinelinux
CVE-2020-11095
2020-06-22 22:15:00
CVE-2020-11096
2020-06-22 22:15:00
CVE-2020-11098
2020-06-22 22:15:00
veracode
veracode
Out Of Bounds Read
2020-08-06 21:36:53
Denial Of Service (DoS)
2020-08-06 21:36:50
Privilege Escalation
2020-08-06 21:36:51
debiancve
debiancve
CVE-2020-11099
2020-06-22 22:15:00
CVE-2020-11096
2020-06-22 22:15:00
CVE-2020-11095
2020-06-22 22:15:00
prion
prion
Design/Logic Flaw
2020-06-22 22:15:00
Out-of-bounds
2020-06-22 22:15:00
Out-of-bounds
2020-06-22 22:15:00
cve
cve
CVE-2020-11095
2020-06-22 22:15:00
CVE-2020-11097
2020-06-22 22:15:00
CVE-2020-11099
2020-06-22 22:15:00
ubuntucve
ubuntucve
CVE-2020-11096
2020-06-22 00:00:00
CVE-2020-11097
2020-06-22 00:00:00
CVE-2020-11098
2020-06-22 00:00:00
redhatcve
redhatcve
CVE-2020-11098
2020-07-08 11:20:45
CVE-2020-11097
2020-07-08 13:23:49
CVE-2020-11099
2020-07-08 13:25:55
mageia
mageia
Updated freerdp/remmina packages fix security vulnerability
2020-08-01 02:25:42
debian
debian
[SECURITY] [DLA 3606-1] freerdp2 security update
2023-10-07 18:09:17

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.008 Low

EPSS

Percentile

81.1%

JSON
Related for ASA-202006-15
altlinux1openvas17fedora2ubuntu1nessus20rocky1oraclelinux1redhat1almalinux1osv12suse1alpinelinux9veracode9debiancve9prion9cve9ubuntucve9redhatcve9mageia1debian1