ID CVE-2020-13398Type cveReporter cve@mitre.orgModified 2020-11-09T21:46:00
Description
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
{"id": "CVE-2020-13398", "bulletinFamily": "NVD", "title": "CVE-2020-13398", "description": "An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.", "published": "2020-05-22T18:15:00", "modified": "2020-11-09T21:46:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13398", "reporter": "cve@mitre.org", "references": ["https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea", "https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69", "https://usn.ubuntu.com/4379-1/", "https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1", "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html", "https://usn.ubuntu.com/4382-1/", "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"], "cvelist": ["CVE-2020-13398"], "type": "cve", "lastseen": "2021-04-23T01:09:35", "edition": 15, "viewCount": 144, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2020-13398"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2020-13398/", "MSF:ILITIES/DEBIAN-CVE-2020-13398/", "MSF:ILITIES/REDHAT_LINUX-CVE-2020-13398/", "MSF:ILITIES/UBUNTU-CVE-2020-13398/", "MSF:ILITIES/ORACLE_LINUX-CVE-2020-13398/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-13398/", "MSF:ILITIES/SUSE-CVE-2020-13398/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-13398/", "MSF:ILITIES/CENTOS_LINUX-CVE-2020-13398/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2020-13398/"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-2407", "ELSA-2020-2405", "ELSA-2020-2406"]}, {"type": "redhat", "idList": ["RHSA-2020:2415", "RHSA-2020:2405", "RHSA-2020:2407", "RHSA-2020:2417", "RHSA-2020:2406"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2020-2405.NASL", "REDHAT-RHSA-2020-2405.NASL", "REDHAT-RHSA-2020-2417.NASL", "CENTOS8_RHSA-2020-2407.NASL", "CENTOS_RHSA-2020-2406.NASL", "NEWSTART_CGSL_NS-SA-2021-0009_FREERDP.NASL", "SL_20200609_FREERDP_ON_SL7_X.NASL", "REDHAT-RHSA-2020-2415.NASL", "SL_20200609_FREERDP_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2020-2406.NASL"]}, {"type": "centos", "idList": ["CESA-2020:2406"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844457", "OPENVAS:1361412562310844455", "OPENVAS:1361412562310883246"]}, {"type": "archlinux", "idList": ["ASA-202005-16"]}, {"type": "ubuntu", "idList": ["USN-4382-1", "USN-4379-1", "USN-4382-2"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2356-1:1D418"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1090-1"]}], "modified": "2021-04-23T01:09:35", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-04-23T01:09:35", "rev": 2}, "vulnersScore": 5.9}, "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:opensuse:leap:15.1", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:debian:debian_linux:9.0"], "affectedSoftware": [{"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "16.04"}, {"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "18.04"}, {"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "20.04"}, {"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "9.0"}, {"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "19.10"}, {"cpeName": "opensuse:leap", "name": "opensuse leap", "operator": "eq", "version": "15.1"}, {"cpeName": "freerdp:freerdp", "name": "freerdp", "operator": "lt", "version": "2.1.1"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*"], "cwe": ["CWE-787"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:freerdp:freerdp:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update", "refsource": "MLIST", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"}, {"name": "openSUSE-SU-2020:1090", "refsource": "SUSE", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"}, {"name": "USN-4382-1", "refsource": "UBUNTU", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4382-1/"}, {"name": "USN-4379-1", "refsource": "UBUNTU", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4379-1/"}, {"name": "https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea"}, {"name": "https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1"}, {"name": "https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69"}], "immutableFields": []}
{"redhatcve": [{"lastseen": "2021-05-19T23:33:18", "bulletinFamily": "info", "cvelist": ["CVE-2020-13398"], "description": "An issue was found in freerdp's libfreerdp/crypto/crypto.c, in versions before 2.1.1, where buffer access with an incorrect length value, leads to an out-of-bounds write. This flaw allows a remote, unauthenticated, attacker running an RDP server, or a local attacker, using a specially crafted certificate, to cause an out-of-bounds write into client process memory, corrupting the integrity of the data used in the RSA encryption functionality, or causing a denial of service.\n#### Mitigation\n\nTo mitigate this flaw, only make connection attempts to trusted RDP servers from the RDP client application. \n\n", "modified": "2021-04-27T13:00:21", "published": "2020-05-28T15:55:59", "id": "RH:CVE-2020-13398", "href": "https://access.redhat.com/security/cve/cve-2020-13398", "type": "redhatcve", "title": "CVE-2020-13398", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "metasploit": [{"lastseen": "2021-06-15T06:59:48", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "SUSE: CVE-2020-13398: SUSE Linux Security Advisory", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13398"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/SUSE-CVE-2020-13398/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-15T06:59:56", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Huawei EulerOS: CVE-2020-13398: freerdp security update", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13398"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2020-13398/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-15T06:59:54", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Ubuntu: (Multiple Advisories) (CVE-2020-13398): FreeRDP vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13398"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/UBUNTU-CVE-2020-13398/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-15T06:59:55", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Huawei EulerOS: CVE-2020-13398: freerdp security update", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13398"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2020-13398/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-15T06:59:50", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Debian: CVE-2020-13398: freerdp, freerdp2 -- security update", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13398"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/DEBIAN-CVE-2020-13398/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-15T07:00:06", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Huawei EulerOS: CVE-2020-13398: freerdp security update", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13398"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-13398/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-15T06:59:45", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Huawei EulerOS: CVE-2020-13398: freerdp security update", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13398"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-13398/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-15T06:59:52", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Red Hat: CVE-2020-13398: Important: freerdp security update (Multiple Advisories)", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13398"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/REDHAT_LINUX-CVE-2020-13398/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-15T06:59:49", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Oracle Linux: (CVE-2020-13398) ELSA-2020-2406: freerdp security update", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13398"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/ORACLE_LINUX-CVE-2020-13398/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-15T06:59:57", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Centos Linux: CVE-2020-13398: Important: freerdp security update (Multiple Advisories)", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13398"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/CENTOS_LINUX-CVE-2020-13398/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-03-25T13:44:32", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2405 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-06-05T00:00:00", "title": "RHEL 7 : freerdp (RHSA-2020:2405)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freerdp-devel", "p-cpe:/a:redhat:enterprise_linux:freerdp-libs", "p-cpe:/a:redhat:enterprise_linux:libwinpr", "p-cpe:/a:redhat:enterprise_linux:libwinpr-devel", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:freerdp"], "id": "REDHAT-RHSA-2020-2405.NASL", "href": "https://www.tenable.com/plugins/nessus/137186", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2405. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137186);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2020-13398\");\n script_xref(name:\"RHSA\", value:\"2020:2405\");\n\n script_name(english:\"RHEL 7 : freerdp (RHSA-2020:2405)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2405 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/805.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1841199\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(122, 787, 805);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwinpr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2405');\n}\n\npkgs = [\n {'reference':'freerdp-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'freerdp-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-devel / freerdp-libs / libwinpr / libwinpr-devel');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:30:44", "description": "From Red Hat Security Advisory 2020:2405 :\n\nThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2405 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in\n libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-06-08T00:00:00", "title": "Oracle Linux 7 : freerdp (ELSA-2020-2405)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "modified": "2020-06-08T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libwinpr-devel", "p-cpe:/a:oracle:linux:freerdp-libs", "p-cpe:/a:oracle:linux:freerdp", "p-cpe:/a:oracle:linux:freerdp-devel", "p-cpe:/a:oracle:linux:libwinpr", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-2405.NASL", "href": "https://www.tenable.com/plugins/nessus/137222", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2405 and \n# Oracle Linux Security Advisory ELSA-2020-2405 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137222);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/10\");\n\n script_cve_id(\"CVE-2020-13398\");\n script_xref(name:\"RHSA\", value:\"2020:2405\");\n\n script_name(english:\"Oracle Linux 7 : freerdp (ELSA-2020-2405)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:2405 :\n\nThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2405 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in\n libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-June/010004.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freerdp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwinpr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwinpr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"freerdp-2.0.0-4.rc4.el7_8.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"freerdp-devel-2.0.0-4.rc4.el7_8.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"freerdp-libs-2.0.0-4.rc4.el7_8.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libwinpr-2.0.0-4.rc4.el7_8.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libwinpr-devel-2.0.0-4.rc4.el7_8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp / freerdp-devel / freerdp-libs / libwinpr / libwinpr-devel\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-06-13T04:25:42", "description": "Security Fix(es) :\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in\n libfreerdp/crypto/crypto.c (CVE-2020-13398)", "edition": 2, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-06-10T00:00:00", "title": "Scientific Linux Security Update : freerdp on SL6.x i386/x86_64 (20200609)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "modified": "2020-06-10T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:freerdp-debuginfo", "p-cpe:/a:fermilab:scientific_linux:freerdp-libs", "p-cpe:/a:fermilab:scientific_linux:freerdp-devel", "p-cpe:/a:fermilab:scientific_linux:freerdp-plugins", "p-cpe:/a:fermilab:scientific_linux:freerdp", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200609_FREERDP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/137292", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137292);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\n\n script_cve_id(\"CVE-2020-13398\");\n\n script_name(english:\"Scientific Linux Security Update : freerdp on SL6.x i386/x86_64 (20200609)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in\n libfreerdp/crypto/crypto.c (CVE-2020-13398)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2006&L=SCIENTIFIC-LINUX-ERRATA&P=4030\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb535b11\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freerdp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freerdp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"freerdp-1.0.2-7.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"freerdp-debuginfo-1.0.2-7.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"freerdp-devel-1.0.2-7.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"freerdp-libs-1.0.2-7.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"freerdp-plugins-1.0.2-7.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp / freerdp-debuginfo / freerdp-devel / freerdp-libs / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T13:24:02", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2406 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in\n libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-06-05T00:00:00", "title": "CentOS 6 : freerdp (CESA-2020:2406)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freerdp", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:freerdp-plugins", "p-cpe:/a:centos:centos:freerdp-devel", "p-cpe:/a:centos:centos:freerdp-libs"], "id": "CENTOS_RHSA-2020-2406.NASL", "href": "https://www.tenable.com/plugins/nessus/137152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:2406 and \n# CentOS Errata and Security Advisory 2020:2406 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137152);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/10\");\n\n script_cve_id(\"CVE-2020-13398\");\n script_xref(name:\"RHSA\", value:\"2020:2406\");\n\n script_name(english:\"CentOS 6 : freerdp (CESA-2020:2406)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2406 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in\n libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-June/035749.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac7f32f6\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freerdp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13398\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freerdp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"freerdp-1.0.2-7.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"freerdp-devel-1.0.2-7.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"freerdp-libs-1.0.2-7.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"freerdp-plugins-1.0.2-7.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp / freerdp-devel / freerdp-libs / freerdp-plugins\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-03-25T13:44:33", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2406 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-06-05T00:00:00", "title": "RHEL 6 : freerdp (RHSA-2020:2406)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freerdp-devel", "p-cpe:/a:redhat:enterprise_linux:freerdp-libs", "p-cpe:/a:redhat:enterprise_linux:freerdp-plugins", "p-cpe:/a:redhat:enterprise_linux:freerdp", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2020-2406.NASL", "href": "https://www.tenable.com/plugins/nessus/137138", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2406. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137138);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2020-13398\");\n script_xref(name:\"RHSA\", value:\"2020:2406\");\n\n script_name(english:\"RHEL 6 : freerdp (RHSA-2020:2406)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2406 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/805.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1841199\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(122, 787, 805);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-plugins\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-for-system-z-debug-rpms',\n 'rhel-6-for-system-z-fastrack-debug-rpms',\n 'rhel-6-for-system-z-fastrack-rpms',\n 'rhel-6-for-system-z-fastrack-source-rpms',\n 'rhel-6-for-system-z-optional-debug-rpms',\n 'rhel-6-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-6-for-system-z-optional-fastrack-rpms',\n 'rhel-6-for-system-z-optional-fastrack-source-rpms',\n 'rhel-6-for-system-z-optional-rpms',\n 'rhel-6-for-system-z-optional-source-rpms',\n 'rhel-6-for-system-z-rpms',\n 'rhel-6-for-system-z-source-rpms',\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2406');\n}\n\npkgs = [\n {'reference':'freerdp-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-plugins-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-plugins-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'freerdp-plugins-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-devel / freerdp-libs / freerdp-plugins');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-06-13T04:25:42", "description": "Security Fix(es) :\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in\n libfreerdp/crypto/crypto.c (CVE-2020-13398)", "edition": 2, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-06-10T00:00:00", "title": "Scientific Linux Security Update : freerdp on SL7.x x86_64 (20200609)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "modified": "2020-06-10T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:freerdp-debuginfo", "p-cpe:/a:fermilab:scientific_linux:freerdp-libs", "p-cpe:/a:fermilab:scientific_linux:freerdp-devel", "p-cpe:/a:fermilab:scientific_linux:freerdp", "p-cpe:/a:fermilab:scientific_linux:libwinpr-devel", "p-cpe:/a:fermilab:scientific_linux:libwinpr", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200609_FREERDP_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/137293", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137293);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\n\n script_cve_id(\"CVE-2020-13398\");\n\n script_name(english:\"Scientific Linux Security Update : freerdp on SL7.x x86_64 (20200609)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in\n libfreerdp/crypto/crypto.c (CVE-2020-13398)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2006&L=SCIENTIFIC-LINUX-ERRATA&P=3400\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba563925\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freerdp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libwinpr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libwinpr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freerdp-2.0.0-4.rc4.el7_8.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freerdp-debuginfo-2.0.0-4.rc4.el7_8.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freerdp-devel-2.0.0-4.rc4.el7_8.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freerdp-libs-2.0.0-4.rc4.el7_8.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libwinpr-2.0.0-4.rc4.el7_8.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libwinpr-devel-2.0.0-4.rc4.el7_8.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp / freerdp-debuginfo / freerdp-devel / freerdp-libs / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:30:44", "description": "From Red Hat Security Advisory 2020:2406 :\n\nThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2406 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in\n libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-06-08T00:00:00", "title": "Oracle Linux 6 : freerdp (ELSA-2020-2406)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "modified": "2020-06-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:freerdp-plugins", "p-cpe:/a:oracle:linux:freerdp-libs", "p-cpe:/a:oracle:linux:freerdp", "p-cpe:/a:oracle:linux:freerdp-devel"], "id": "ORACLELINUX_ELSA-2020-2406.NASL", "href": "https://www.tenable.com/plugins/nessus/137223", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2406 and \n# Oracle Linux Security Advisory ELSA-2020-2406 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137223);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/10\");\n\n script_cve_id(\"CVE-2020-13398\");\n script_xref(name:\"RHSA\", value:\"2020:2406\");\n\n script_name(english:\"Oracle Linux 6 : freerdp (ELSA-2020-2406)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:2406 :\n\nThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2406 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in\n libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-June/010012.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freerdp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freerdp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"freerdp-1.0.2-7.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"freerdp-devel-1.0.2-7.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"freerdp-libs-1.0.2-7.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"freerdp-plugins-1.0.2-7.el6_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp / freerdp-devel / freerdp-libs / freerdp-plugins\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-03-25T13:44:33", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2407 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-06-05T00:00:00", "title": "RHEL 8 : freerdp (RHSA-2020:2407)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "modified": "2020-06-05T00:00:00", "cpe": ["cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:freerdp-devel", "p-cpe:/a:redhat:enterprise_linux:freerdp-libs", "p-cpe:/a:redhat:enterprise_linux:libwinpr", "p-cpe:/a:redhat:enterprise_linux:libwinpr-devel", "cpe:/o:redhat:rhel_eus:8.4", "p-cpe:/a:redhat:enterprise_linux:freerdp-debugsource", "cpe:/o:redhat:rhel_e4s:8.2", "p-cpe:/a:redhat:enterprise_linux:freerdp", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_eus:8.2"], "id": "REDHAT-RHSA-2020-2407.NASL", "href": "https://www.tenable.com/plugins/nessus/137140", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2407. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137140);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2020-13398\");\n script_xref(name:\"RHSA\", value:\"2020:2407\");\n\n script_name(english:\"RHEL 8 : freerdp (RHSA-2020:2407)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2407 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/805.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1841199\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(122, 787, 805);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwinpr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_2_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2407');\n}\n\npkgs = [\n {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']},\n {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_crb', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_crb']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-debugsource / freerdp-devel / freerdp-libs / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-03-24T09:24:46", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:2407 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2021-02-01T00:00:00", "title": "CentOS 8 : freerdp (CESA-2020:2407)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "modified": "2021-02-01T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freerdp", "p-cpe:/a:centos:centos:libwinpr-devel", "p-cpe:/a:centos:centos:freerdp-devel", "p-cpe:/a:centos:centos:freerdp-libs", "cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:libwinpr"], "id": "CENTOS8_RHSA-2020-2407.NASL", "href": "https://www.tenable.com/plugins/nessus/145999", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:2407. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145999);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2020-13398\");\n script_xref(name:\"RHSA\", value:\"2020:2407\");\n\n script_name(english:\"CentOS 8 : freerdp (CESA-2020:2407)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:2407 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2407\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwinpr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwinpr-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-devel / freerdp-libs / libwinpr / libwinpr-devel');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-03-25T13:44:33", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2415 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-06-08T00:00:00", "title": "RHEL 8 : freerdp (RHSA-2020:2415)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "modified": "2020-06-08T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:freerdp-devel", "p-cpe:/a:redhat:enterprise_linux:freerdp-libs", "p-cpe:/a:redhat:enterprise_linux:libwinpr", "p-cpe:/a:redhat:enterprise_linux:libwinpr-devel", "p-cpe:/a:redhat:enterprise_linux:freerdp-debugsource", "cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:freerdp"], "id": "REDHAT-RHSA-2020-2415.NASL", "href": "https://www.tenable.com/plugins/nessus/137237", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2415. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137237);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2020-13398\");\n script_xref(name:\"RHSA\", value:\"2020:2415\");\n\n script_name(english:\"RHEL 8 : freerdp (RHSA-2020:2415)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2415 advisory.\n\n - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/805.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1841199\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(122, 787, 805);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwinpr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms'\n ],\n 'rhel_eus_8_1_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2415');\n}\n\npkgs = [\n {'reference':'freerdp-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']},\n {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_crb']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-debugsource / freerdp-devel / freerdp-libs / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:20:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13398"], "description": "[2.0.0-4.rc4.1]\n- CVE-2020-13398: Fix out-of-bounds write in crypto.c (#1841974)", "modified": "2020-06-05T00:00:00", "published": "2020-06-05T00:00:00", "id": "ELSA-2020-2405", "href": "http://linux.oracle.com/errata/ELSA-2020-2405.html", "type": "oraclelinux", "title": "freerdp security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-04T20:21:07", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13398"], "description": "[2:2.0.0-46.rc4.2]\n- CVE-2020-13398: Fix out-of-bounds write in crypto.c (#1841978)", "modified": "2020-06-04T00:00:00", "published": "2020-06-04T00:00:00", "id": "ELSA-2020-2407", "href": "http://linux.oracle.com/errata/ELSA-2020-2407.html", "type": "oraclelinux", "title": "freerdp security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-06-04T20:20:59", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13398"], "description": "[1.0.2-7]\n- CVE-2020-13398: Fix out-of-bounds write in crypto.c (#1841980)", "modified": "2020-06-05T00:00:00", "published": "2020-06-05T00:00:00", "id": "ELSA-2020-2406", "href": "http://linux.oracle.com/errata/ELSA-2020-2406.html", "type": "oraclelinux", "title": "freerdp security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-06-08T09:51:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13398"], "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-08T13:13:45", "published": "2020-06-08T13:03:42", "id": "RHSA-2020:2417", "href": "https://access.redhat.com/errata/RHSA-2020:2417", "type": "redhat", "title": "(RHSA-2020:2417) Important: freerdp security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-06-04T19:50:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13398"], "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-04T22:04:52", "published": "2020-06-04T21:35:05", "id": "RHSA-2020:2406", "href": "https://access.redhat.com/errata/RHSA-2020:2406", "type": "redhat", "title": "(RHSA-2020:2406) Important: freerdp security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-06-08T09:52:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13398"], "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-08T13:19:35", "published": "2020-06-08T13:03:09", "id": "RHSA-2020:2415", "href": "https://access.redhat.com/errata/RHSA-2020:2415", "type": "redhat", "title": "(RHSA-2020:2415) Important: freerdp security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T03:53:07", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13398"], "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-05T06:18:30", "published": "2020-06-04T21:00:01", "id": "RHSA-2020:2405", "href": "https://access.redhat.com/errata/RHSA-2020:2405", "type": "redhat", "title": "(RHSA-2020:2405) Important: freerdp security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-06-04T21:51:27", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13398"], "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-05T00:54:45", "published": "2020-06-05T00:38:03", "id": "RHSA-2020:2407", "href": "https://access.redhat.com/errata/RHSA-2020:2407", "type": "redhat", "title": "(RHSA-2020:2407) Important: freerdp security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-06-08T21:54:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13398"], "description": "The remote host is missing an update for the ", "modified": "2020-06-05T00:00:00", "published": "2020-06-05T00:00:00", "id": "OPENVAS:1361412562310883246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883246", "type": "openvas", "title": "CentOS: Security Advisory for freerdp (CESA-2020:2406)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883246\");\n script_version(\"2020-06-05T06:49:56+0000\");\n script_cve_id(\"CVE-2020-13398\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 06:49:56 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-05 03:01:16 +0000 (Fri, 05 Jun 2020)\");\n script_name(\"CentOS: Security Advisory for freerdp (CESA-2020:2406)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2020:2406\");\n script_xref(name:\"URL\", value:\"https://lists.centos.org/pipermail/centos-announce/2020-June/035749.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freerdp'\n package(s) announced via the CESA-2020:2406 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),\nreleased under the Apache license. The xfreerdp client can connect to RDP\nservers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n * freerdp: Out-of-bounds write in crypto_rsa_common in\nlibfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'freerdp' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"freerdp\", rpm:\"freerdp~1.0.2~7.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freerdp-devel\", rpm:\"freerdp-devel~1.0.2~7.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freerdp-libs\", rpm:\"freerdp-libs~1.0.2~7.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freerdp-plugins\", rpm:\"freerdp-plugins~1.0.2~7.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-06-15T15:55:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11522", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-11045", "CVE-2020-11521", "CVE-2020-11526", "CVE-2020-11046", "CVE-2020-11525", "CVE-2020-11049", "CVE-2020-11058", "CVE-2020-13398", "CVE-2020-11523", "CVE-2020-11048", "CVE-2020-11042"], "description": "The remote host is missing an update for the ", "modified": "2020-06-12T00:00:00", "published": "2020-06-05T00:00:00", "id": "OPENVAS:1361412562310844457", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844457", "type": "openvas", "title": "Ubuntu: Security Advisory for freerdp (USN-4382-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844457\");\n script_version(\"2020-06-12T08:31:38+0000\");\n script_cve_id(\"CVE-2020-11042\", \"CVE-2020-11045\", \"CVE-2020-11046\", \"CVE-2020-11048\", \"CVE-2020-11049\", \"CVE-2020-11058\", \"CVE-2020-11521\", \"CVE-2020-11522\", \"CVE-2020-11523\", \"CVE-2020-11525\", \"CVE-2020-11526\", \"CVE-2020-13396\", \"CVE-2020-13397\", \"CVE-2020-13398\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-12 08:31:38 +0000 (Fri, 12 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-05 03:00:34 +0000 (Fri, 05 Jun 2020)\");\n script_name(\"Ubuntu: Security Advisory for freerdp (USN-4382-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4382-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-June/005464.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freerdp'\n package(s) announced via the USN-4382-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that FreeRDP incorrectly handled certain memory\noperations. A remote attacker could use this issue to cause FreeRDP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode.\");\n\n script_tag(name:\"affected\", value:\"'freerdp' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp-client1.1\", ver:\"1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp-common1.1.0\", ver:\"1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp-core1.1\", ver:\"1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-08-08T16:12:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11522", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-11045", "CVE-2019-17177", "CVE-2020-11521", "CVE-2020-11526", "CVE-2020-11524", "CVE-2020-11046", "CVE-2020-11525", "CVE-2020-11049", "CVE-2020-11047", "CVE-2020-11058", "CVE-2020-13398", "CVE-2020-11523", "CVE-2018-1000852", "CVE-2020-11048", "CVE-2020-11042", "CVE-2020-11044"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2020-06-02T00:00:00", "id": "OPENVAS:1361412562310844455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844455", "type": "openvas", "title": "Ubuntu: Security Advisory for freerdp2 (USN-4379-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844455\");\n script_version(\"2020-06-03T10:55:59+0000\");\n script_cve_id(\"CVE-2018-1000852\", \"CVE-2019-17177\", \"CVE-2020-11042\", \"CVE-2020-11044\", \"CVE-2020-11045\", \"CVE-2020-11046\", \"CVE-2020-11047\", \"CVE-2020-11048\", \"CVE-2020-11049\", \"CVE-2020-11058\", \"CVE-2020-11521\", \"CVE-2020-11522\", \"CVE-2020-11523\", \"CVE-2020-11524\", \"CVE-2020-11525\", \"CVE-2020-11526\", \"CVE-2020-13396\", \"CVE-2020-13397\", \"CVE-2020-13398\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 10:55:59 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-02 03:00:23 +0000 (Tue, 02 Jun 2020)\");\n script_name(\"Ubuntu: Security Advisory for freerdp2 (USN-4379-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU20\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4379-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-June/005460.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freerdp2'\n package(s) announced via the USN-4379-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that FreeRDP incorrectly handled certain memory\noperations. A remote attacker could use this issue to cause FreeRDP to\ncrash, resulting in a denial of service, or possibly exeucte arbitrary\ncode.\");\n\n script_tag(name:\"affected\", value:\"'freerdp2' package(s) on Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp-client2-2\", ver:\"2.1.1+dfsg1-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp-server2-2\", ver:\"2.1.1+dfsg1-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp2-2\", ver:\"2.1.1+dfsg1-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp-client2-2\", ver:\"2.1.1+dfsg1-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp-server2-2\", ver:\"2.1.1+dfsg1-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp2-2\", ver:\"2.1.1+dfsg1-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU20.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp-client2-2\", ver:\"2.1.1+dfsg1-0ubuntu0.20.04.1\", rls:\"UBUNTU20.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp-server2-2\", ver:\"2.1.1+dfsg1-0ubuntu0.20.04.1\", rls:\"UBUNTU20.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libfreerdp2-2\", ver:\"2.1.1+dfsg1-0ubuntu0.20.04.1\", rls:\"UBUNTU20.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-06-04T23:25:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13398"], "description": "**CentOS Errata and Security Advisory** CESA-2020:2406\n\n\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-June/035749.html\n\n**Affected packages:**\nfreerdp\nfreerdp-devel\nfreerdp-libs\nfreerdp-plugins\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-06-04T20:08:00", "published": "2020-06-04T20:08:00", "id": "CESA-2020:2406", "href": "http://lists.centos.org/pipermail/centos-announce/2020-June/035749.html", "title": "freerdp security update", "type": "centos", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13396", "CVE-2020-13397", "CVE-2020-13398"], "description": "Arch Linux Security Advisory ASA-202005-16\n==========================================\n\nSeverity: High\nDate : 2020-05-23\nCVE-ID : CVE-2020-13396 CVE-2020-13397 CVE-2020-13398\nPackage : freerdp\nType : information disclosure\nRemote : No\nLink : https://security.archlinux.org/AVG-1172\n\nSummary\n=======\n\nThe package freerdp before version 2:2.1.1-1 is vulnerable to\ninformation disclosure.\n\nResolution\n==========\n\nUpgrade to 2:2.1.1-1.\n\n# pacman -Syu \"freerdp>=2:2.1.1-1\"\n\nThe problems have been fixed upstream in version 2.1.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-13396 (information disclosure)\n\nAn issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB)\nread vulnerability has been detected in ntlm_read_ChallengeMessage in\nwinpr/libwinpr/sspi/NTLM/ntlm_message.c.\n\n- CVE-2020-13397 (information disclosure)\n\nAn issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB)\nread vulnerability has been detected in security_fips_decrypt in\nlibfreerdp/core/security.c due to an uninitialized value.\n\n- CVE-2020-13398 (information disclosure)\n\nAn issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB)\nwrite vulnerability has been detected in crypto_rsa_common in\nlibfreerdp/crypto/crypto.c.\n\nImpact\n======\n\nA local malicious user can send crafted network traffic and leak\ninformation from the host.\n\nReferences\n==========\n\nhttps://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc\nhttps://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69\nhttps://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8\nhttps://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea\nhttps://security.archlinux.org/CVE-2020-13396\nhttps://security.archlinux.org/CVE-2020-13397\nhttps://security.archlinux.org/CVE-2020-13398", "modified": "2020-05-23T00:00:00", "published": "2020-05-23T00:00:00", "id": "ASA-202005-16", "href": "https://security.archlinux.org/ASA-202005-16", "type": "archlinux", "title": "[ASA-202005-16] freerdp: information disclosure", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-11-27T00:55:04", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11522", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-11045", "CVE-2020-11521", "CVE-2020-11526", "CVE-2020-11046", "CVE-2020-11525", "CVE-2020-11058", "CVE-2020-13398", "CVE-2020-11523", "CVE-2020-11048", "CVE-2020-11042"], "description": "It was discovered that FreeRDP incorrectly handled certain memory \noperations. A remote attacker could use this issue to cause FreeRDP to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode.", "edition": 1, "modified": "2020-11-26T00:00:00", "published": "2020-11-26T00:00:00", "id": "USN-4382-2", "href": "https://ubuntu.com/security/notices/USN-4382-2", "title": "FreeRDP vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:33:34", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11522", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-11045", "CVE-2020-11521", "CVE-2020-11526", "CVE-2020-11046", "CVE-2020-11525", "CVE-2020-11049", "CVE-2020-11058", "CVE-2020-13398", "CVE-2020-11523", "CVE-2020-11048", "CVE-2020-11042"], "description": "It was discovered that FreeRDP incorrectly handled certain memory \noperations. A remote attacker could use this issue to cause FreeRDP to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode.", "edition": 3, "modified": "2020-06-04T00:00:00", "published": "2020-06-04T00:00:00", "id": "USN-4382-1", "href": "https://ubuntu.com/security/notices/USN-4382-1", "title": "FreeRDP vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-08-08T14:02:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11522", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-11045", "CVE-2019-17177", "CVE-2020-11521", "CVE-2020-11526", "CVE-2020-11524", "CVE-2020-11046", "CVE-2020-11525", "CVE-2020-11049", "CVE-2020-11047", "CVE-2020-11058", "CVE-2020-13398", "CVE-2020-11523", "CVE-2018-1000852", "CVE-2020-11048", "CVE-2020-11042", "CVE-2020-11044"], "description": "It was discovered that FreeRDP incorrectly handled certain memory \noperations. A remote attacker could use this issue to cause FreeRDP to \ncrash, resulting in a denial of service, or possibly exeucte arbitrary \ncode.", "edition": 3, "modified": "2020-06-01T00:00:00", "published": "2020-06-01T00:00:00", "id": "USN-4379-1", "href": "https://ubuntu.com/security/notices/USN-4379-1", "title": "FreeRDP vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-06-08T22:29:54", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11522", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-11045", "CVE-2020-11521", "CVE-2020-11526", "CVE-2020-11046", "CVE-2014-0791", "CVE-2020-11525", "CVE-2020-11058", "CVE-2020-13398", "CVE-2020-11523", "CVE-2020-11048", "CVE-2020-11042"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2356-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Mike Gabriel\nAugust 30, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : freerdp\nVersion : 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4\nCVE ID : CVE-2014-0791 CVE-2020-11042 CVE-2020-11045 CVE-2020-11046 \n CVE-2020-11048 CVE-2020-11058 CVE-2020-11521 CVE-2020-11522 \n CVE-2020-11523 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 \n CVE-2020-13397 CVE-2020-13398\n\nSeveral vulnerabilites have been reported against FreeRDP, an Open Source\nserver and client implementation of the Microsoft RDP protocol.\n\nCVE-2014-0791\n\n An integer overflow in the license_read_scope_list function in\n libfreerdp/core/license.c in FreeRDP allowed remote RDP\n servers to cause a denial of service (application crash) or possibly\n have unspecified other impact via a large ScopeCount value in a Scope\n List in a Server License Request packet.\n\nCVE-2020-11042\n\n In FreeRDP there was an out-of-bounds read in update_read_icon_info.\n It allowed reading an attacker-defined amount of client memory (32bit\n unsigned -> 4GB) to an intermediate buffer. This could have been used\n to crash the client or store information for later retrieval.\n\nCVE-2020-11045\n\n In FreeRDP there was an out-of-bound read in in\n update_read_bitmap_data that allowed client memory to be read to an\n image buffer. The result displayed on screen as colour.\n\nCVE-2020-11046\n\n In FreeRDP there was a stream out-of-bounds seek in\n update_read_synchronize that could have lead to a later out-of-bounds\n read.\n\nCVE-2020-11048\n\n In FreeRDP there was an out-of-bounds read. It only allowed to abort\n a session. No data extraction was possible.\n\nCVE-2020-11058\n\n In FreeRDP, a stream out-of-bounds seek in\n rdp_read_font_capability_set could have lead to a later out-of-bounds\n read. As a result, a manipulated client or server might have forced a\n disconnect due to an invalid data read.\n\nCVE-2020-11521\n\n libfreerdp/codec/planar.c in FreeRDP had an Out-of-bounds Write.\n\nCVE-2020-11522\n\n libfreerdp/gdi/gdi.c in FreeRDP had an Out-of-bounds Read.\n\nCVE-2020-11523\n\n libfreerdp/gdi/region.c in FreeRDP had an Integer Overflow.\n\nCVE-2020-11525\n\n libfreerdp/cache/bitmap.c in FreeRDP had an Out of bounds read.\n\nCVE-2020-11526\n\n libfreerdp/core/update.c in FreeRDP had an Out-of-bounds Read.\n\nCVE-2020-13396\n\n An out-of-bounds (OOB) read vulnerability has been detected in\n ntlm_read_ChallengeMessage in\n winpr/libwinpr/sspi/NTLM/ntlm_message.c.\n\nCVE-2020-13397\n\n An out-of-bounds (OOB) read vulnerability has been detected in\n security_fips_decrypt in libfreerdp/core/security.c due to an\n uninitialized value.\n\nCVE-2020-13398\n\n An out-of-bounds (OOB) write vulnerability has been detected in\n crypto_rsa_common in libfreerdp/crypto/crypto.c.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4.\n\nWe recommend that you upgrade your freerdp packages.\n\nFor the detailed security status of freerdp please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/freerdp\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 3, "modified": "2020-08-29T23:52:09", "published": "2020-08-29T23:52:09", "id": "DEBIAN:DLA-2356-1:1D418", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202008/msg00054.html", "title": "[SECURITY] [DLA 2356-1] freerdp security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-07-27T01:26:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11522", "CVE-2020-13396", "CVE-2020-4031", "CVE-2020-13397", "CVE-2020-11043", "CVE-2020-11038", "CVE-2020-11019", "CVE-2020-11096", "CVE-2020-11089", "CVE-2020-11521", "CVE-2020-11018", "CVE-2020-11526", "CVE-2020-11524", "CVE-2020-11525", "CVE-2020-4030", "CVE-2020-11099", "CVE-2020-11088", "CVE-2020-11086", "CVE-2020-13398", "CVE-2020-11097", "CVE-2020-11523", "CVE-2020-11039", "CVE-2020-11095", "CVE-2020-11017", "CVE-2020-4032", "CVE-2020-11040", "CVE-2020-4033", "CVE-2020-11041", "CVE-2020-11087", "CVE-2020-11098", "CVE-2020-11085"], "description": "This update for freerdp fixes the following issues:\n\n frerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and\n jsc#ECO-2006):\n\n - CVE-2020-11017: Fixed a double free which could have denied the server's\n service.\n - CVE-2020-11018: Fixed an out of bounds read which a malicious clients\n could have triggered.\n - CVE-2020-11019: Fixed an issue which could have led to denial of service\n if logger was set to "WLOG_TRACE".\n - CVE-2020-11038: Fixed a buffer overflow when /video redirection was used.\n - CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory\n read and write when USB redirection was enabled.\n - CVE-2020-11040: Fixed an out of bounds data read in\n clear_decompress_subcode_rlex.\n - CVE-2020-11041: Fixed an issue with the configuration for sound backend\n which could have led to server's denial of service.\n - CVE-2020-11043: Fixed an out of bounds read in\n rfx_process_message_tileset.\n - CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list.\n - CVE-2020-11086: Fixed an out of bounds read in\n ntlm_read_ntlm_v2_client_challenge.\n - CVE-2020-11087: Fixed an out of bounds read in\n ntlm_read_AuthenticateMessage.\n - CVE-2020-11088: Fixed an out of bounds read in\n ntlm_read_NegotiateMessage.\n - CVE-2020-11089: Fixed an out of bounds read in irp function family.\n - CVE-2020-11095: Fixed a global out of bounds read in\n update_recv_primary_order.\n - CVE-2020-11096: Fixed a global out of bounds read in\n update_read_cache_bitmap_v3_order.\n - CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get.\n - CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put.\n - CVE-2020-11099: Fixed an out of bounds Read in\n license_read_new_or_upgrade_license_packet.\n - CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443).\n - CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444).\n - CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445).\n - CVE-2020-11524: Fixed an out of bounds write in interleaved.c\n (bsc#1171446).\n - CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447).\n - CVE-2020-11526: Fixed an out of bounds read in\n update_recv_secondary_order (bsc#1171674).\n - CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage.\n - CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due\n to uninitialized value.\n - CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common.\n - CVE-2020-4030: Fixed an out of bounds read in `TrioParse`.\n - CVE-2020-4031: Fixed a use after free in gdi_SelectObject.\n - CVE-2020-4032: Fixed an integer casting in `update_recv_secondary_order`.\n - CVE-2020-4033: Fixed an out of bound read in RLEDECOMPRESS.\n - Fixed an issue where freerdp failed with -fno-common (bsc#1169748).\n - Fixed an issue where USB redirection with FreeRDP was not working\n (bsc#1169679).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-07-27T00:12:31", "published": "2020-07-27T00:12:31", "id": "OPENSUSE-SU-2020:1090-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html", "title": "Security update for freerdp (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
