ID FEDORA:0706634E5267 Type fedora Reporter Fedora Modified 2020-07-30T17:54:06
Description
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the Fre eRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.
{"nessus": [{"lastseen": "2020-09-18T11:06:03", "description": "It was discovered that FreeRDP incorrectly handled certain memory\noperations. A remote attacker could use this issue to cause FreeRDP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}, "published": "2020-09-02T00:00:00", "title": "Ubuntu 18.04 LTS / 20.04 : FreeRDP vulnerabilities (USN-4481-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-4031", "CVE-2020-11096", "CVE-2020-4030", "CVE-2020-11099", "CVE-2020-11097", "CVE-2020-11095", "CVE-2020-4032", "CVE-2020-15103", "CVE-2020-4033", "CVE-2020-11098"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04", "p-cpe:/a:canonical:ubuntu_linux:libfreerdp-client2-2", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libfreerdp2-2", "p-cpe:/a:canonical:ubuntu_linux:libfreerdp-server2-2"], "id": "UBUNTU_USN-4481-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4481-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140179);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2020-11095\", \"CVE-2020-11096\", \"CVE-2020-11097\", \"CVE-2020-11098\", \"CVE-2020-11099\", \"CVE-2020-15103\", \"CVE-2020-4030\", \"CVE-2020-4031\", \"CVE-2020-4032\", \"CVE-2020-4033\");\n script_xref(name:\"USN\", value:\"4481-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 : FreeRDP vulnerabilities (USN-4481-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that FreeRDP incorrectly handled certain memory\noperations. A remote attacker could use this issue to cause FreeRDP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4481-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libfreerdp-client2-2, libfreerdp-server2-2 and /\nor libfreerdp2-2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4033\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-client2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-server2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreerdp2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libfreerdp-client2-2\", pkgver:\"2.2.0+dfsg1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libfreerdp-server2-2\", pkgver:\"2.2.0+dfsg1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libfreerdp2-2\", pkgver:\"2.2.0+dfsg1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"libfreerdp-client2-2\", pkgver:\"2.2.0+dfsg1-0ubuntu0.20.04.1\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"libfreerdp-server2-2\", pkgver:\"2.2.0+dfsg1-0ubuntu0.20.04.1\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"libfreerdp2-2\", pkgver:\"2.2.0+dfsg1-0ubuntu0.20.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libfreerdp-client2-2 / libfreerdp-server2-2 / libfreerdp2-2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-09-25T06:29:55", "description": "Bugfix and CVE release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 3, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}, "published": "2020-07-30T00:00:00", "title": "Fedora 32 : 2:freerdp (2020-8d5f86e29a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-4031", "CVE-2020-11096", "CVE-2020-4030", "CVE-2020-11099", "CVE-2020-11097", "CVE-2020-11095", "CVE-2020-4032", "CVE-2020-15103", "CVE-2020-4033", "CVE-2020-11098"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:freerdp", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-8D5F86E29A.NASL", "href": "https://www.tenable.com/plugins/nessus/139103", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-8d5f86e29a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139103);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2020-11095\", \"CVE-2020-11096\", \"CVE-2020-11097\", \"CVE-2020-11098\", \"CVE-2020-11099\", \"CVE-2020-15103\", \"CVE-2020-4030\", \"CVE-2020-4031\", \"CVE-2020-4032\", \"CVE-2020-4033\");\n script_xref(name:\"FEDORA\", value:\"2020-8d5f86e29a\");\n\n script_name(english:\"Fedora 32 : 2:freerdp (2020-8d5f86e29a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Bugfix and CVE release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-8d5f86e29a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:freerdp package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4033\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"freerdp-2.2.0-1.fc32\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:freerdp\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-09-25T06:30:44", "description": "Bugfix and CVE release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 3, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}, "published": "2020-08-03T00:00:00", "title": "Fedora 31 : 2:freerdp (2020-a3432485db)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-4031", "CVE-2020-11096", "CVE-2020-4030", "CVE-2020-11099", "CVE-2020-11097", "CVE-2020-11095", "CVE-2020-4032", "CVE-2020-15103", "CVE-2020-4033", "CVE-2020-11098"], "modified": "2020-08-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:freerdp", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-A3432485DB.NASL", "href": "https://www.tenable.com/plugins/nessus/139263", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a3432485db.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139263);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2020-11095\", \"CVE-2020-11096\", \"CVE-2020-11097\", \"CVE-2020-11098\", \"CVE-2020-11099\", \"CVE-2020-15103\", \"CVE-2020-4030\", \"CVE-2020-4031\", \"CVE-2020-4032\", \"CVE-2020-4033\");\n script_xref(name:\"FEDORA\", value:\"2020-a3432485db\");\n\n script_name(english:\"Fedora 31 : 2:freerdp (2020-a3432485db)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Bugfix and CVE release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a3432485db\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:freerdp package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4033\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"freerdp-2.2.0-1.fc31\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:freerdp\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-09-25T08:45:06", "description": "This update for freerdp fixes the following issues :\n\nfrerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and\njsc#ECO-2006) :\n\n - CVE-2020-11017: Fixed a double free which could have\n denied the server's service.\n\n - CVE-2020-11018: Fixed an out of bounds read which a\n malicious clients could have triggered.\n\n - CVE-2020-11019: Fixed an issue which could have led to\n denial of service if logger was set to 'WLOG_TRACE'.\n\n - CVE-2020-11038: Fixed a buffer overflow when /video\n redirection was used.\n\n - CVE-2020-11039: Fixed an issue which could have allowed\n arbitrary memory read and write when USB redirection was\n enabled.\n\n - CVE-2020-11040: Fixed an out of bounds data read in\n clear_decompress_subcode_rlex.\n\n - CVE-2020-11041: Fixed an issue with the configuration\n for sound backend which could have led to server's\n denial of service.\n\n - CVE-2020-11043: Fixed an out of bounds read in\n rfx_process_message_tileset.\n\n - CVE-2020-11085: Fixed an out of bounds read in\n cliprdr_read_format_list.\n\n - CVE-2020-11086: Fixed an out of bounds read in\n ntlm_read_ntlm_v2_client_challenge.\n\n - CVE-2020-11087: Fixed an out of bounds read in\n ntlm_read_AuthenticateMessage.\n\n - CVE-2020-11088: Fixed an out of bounds read in\n ntlm_read_NegotiateMessage.\n\n - CVE-2020-11089: Fixed an out of bounds read in irp\n function family.\n\n - CVE-2020-11095: Fixed a global out of bounds read in\n update_recv_primary_order.\n\n - CVE-2020-11096: Fixed a global out of bounds read in\n update_read_cache_bitmap_v3_order.\n\n - CVE-2020-11097: Fixed an out of bounds read in\n ntlm_av_pair_get.\n\n - CVE-2020-11098: Fixed an out of bounds read in\n glyph_cache_put.\n\n - CVE-2020-11099: Fixed an out of bounds Read in\n license_read_new_or_upgrade_license_packet.\n\n - CVE-2020-11521: Fixed an out of bounds write in planar.c\n (bsc#1171443).\n\n - CVE-2020-11522: Fixed an out of bounds read in gdi.c\n (bsc#1171444).\n\n - CVE-2020-11523: Fixed an integer overflow in region.c\n (bsc#1171445).\n\n - CVE-2020-11524: Fixed an out of bounds write in\n interleaved.c (bsc#1171446).\n\n - CVE-2020-11525: Fixed an out of bounds read in bitmap.c\n (bsc#1171447).\n\n - CVE-2020-11526: Fixed an out of bounds read in\n update_recv_secondary_order (bsc#1171674).\n\n - CVE-2020-13396: Fixed an Read in\n ntlm_read_ChallengeMessage.\n\n - CVE-2020-13397: Fixed an out of bounds read in\n security_fips_decrypt due to uninitialized value.\n\n - CVE-2020-13398: Fixed an out of bounds write in\n crypto_rsa_common.\n\n - CVE-2020-4030: Fixed an out of bounds read in\n `TrioParse`.\n\n - CVE-2020-4031: Fixed a use after free in\n gdi_SelectObject.\n\n - CVE-2020-4032: Fixed an integer casting in\n `update_recv_secondary_order`.\n\n - CVE-2020-4033: Fixed an out of bound read in\n RLEDECOMPRESS.\n\n - Fixed an issue where freerdp failed with -fno-common\n (bsc#1169748).\n\n - Fixed an issue where USB redirection with FreeRDP was\n not working (bsc#1169679).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.", "edition": 4, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-07-28T00:00:00", "title": "openSUSE Security Update : freerdp (openSUSE-2020-1090)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11522", "CVE-2020-13396", "CVE-2020-4031", "CVE-2020-13397", "CVE-2020-11043", "CVE-2020-11038", "CVE-2020-11019", "CVE-2020-11096", "CVE-2020-11089", "CVE-2020-11521", "CVE-2020-11018", "CVE-2020-11526", "CVE-2020-11524", "CVE-2020-11525", "CVE-2020-4030", "CVE-2020-11099", "CVE-2020-11088", "CVE-2020-11086", "CVE-2020-13398", "CVE-2020-11097", "CVE-2020-11523", "CVE-2020-11039", "CVE-2020-11095", "CVE-2020-11017", "CVE-2020-4032", "CVE-2020-11040", "CVE-2020-4033", "CVE-2020-11041", "CVE-2020-11087", "CVE-2020-11098", "CVE-2020-11085"], "modified": "2020-07-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libwinpr2", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:winpr2-devel", "p-cpe:/a:novell:opensuse:libwinpr2-debuginfo", "p-cpe:/a:novell:opensuse:freerdp-debugsource", "p-cpe:/a:novell:opensuse:freerdp-wayland", "p-cpe:/a:novell:opensuse:libuwac0-0", "p-cpe:/a:novell:opensuse:freerdp-proxy", "p-cpe:/a:novell:opensuse:freerdp", "p-cpe:/a:novell:opensuse:freerdp-server-debuginfo", "p-cpe:/a:novell:opensuse:libfreerdp2-debuginfo", "p-cpe:/a:novell:opensuse:libuwac0-0-debuginfo", "p-cpe:/a:novell:opensuse:freerdp-debuginfo", "p-cpe:/a:novell:opensuse:libfreerdp2", "p-cpe:/a:novell:opensuse:uwac0-0-devel", "p-cpe:/a:novell:opensuse:freerdp-server", "p-cpe:/a:novell:opensuse:freerdp-devel", "p-cpe:/a:novell:opensuse:freerdp-proxy-debuginfo", "p-cpe:/a:novell:opensuse:freerdp-wayland-debuginfo"], "id": "OPENSUSE-2020-1090.NASL", "href": "https://www.tenable.com/plugins/nessus/139018", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1090.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139018);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2020-11017\", \"CVE-2020-11018\", \"CVE-2020-11019\", \"CVE-2020-11038\", \"CVE-2020-11039\", \"CVE-2020-11040\", \"CVE-2020-11041\", \"CVE-2020-11043\", \"CVE-2020-11085\", \"CVE-2020-11086\", \"CVE-2020-11087\", \"CVE-2020-11088\", \"CVE-2020-11089\", \"CVE-2020-11095\", \"CVE-2020-11096\", \"CVE-2020-11097\", \"CVE-2020-11098\", \"CVE-2020-11099\", \"CVE-2020-11521\", \"CVE-2020-11522\", \"CVE-2020-11523\", \"CVE-2020-11524\", \"CVE-2020-11525\", \"CVE-2020-11526\", \"CVE-2020-13396\", \"CVE-2020-13397\", \"CVE-2020-13398\", \"CVE-2020-4030\", \"CVE-2020-4031\", \"CVE-2020-4032\", \"CVE-2020-4033\");\n\n script_name(english:\"openSUSE Security Update : freerdp (openSUSE-2020-1090)\");\n script_summary(english:\"Check for the openSUSE-2020-1090 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for freerdp fixes the following issues :\n\nfrerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and\njsc#ECO-2006) :\n\n - CVE-2020-11017: Fixed a double free which could have\n denied the server's service.\n\n - CVE-2020-11018: Fixed an out of bounds read which a\n malicious clients could have triggered.\n\n - CVE-2020-11019: Fixed an issue which could have led to\n denial of service if logger was set to 'WLOG_TRACE'.\n\n - CVE-2020-11038: Fixed a buffer overflow when /video\n redirection was used.\n\n - CVE-2020-11039: Fixed an issue which could have allowed\n arbitrary memory read and write when USB redirection was\n enabled.\n\n - CVE-2020-11040: Fixed an out of bounds data read in\n clear_decompress_subcode_rlex.\n\n - CVE-2020-11041: Fixed an issue with the configuration\n for sound backend which could have led to server's\n denial of service.\n\n - CVE-2020-11043: Fixed an out of bounds read in\n rfx_process_message_tileset.\n\n - CVE-2020-11085: Fixed an out of bounds read in\n cliprdr_read_format_list.\n\n - CVE-2020-11086: Fixed an out of bounds read in\n ntlm_read_ntlm_v2_client_challenge.\n\n - CVE-2020-11087: Fixed an out of bounds read in\n ntlm_read_AuthenticateMessage.\n\n - CVE-2020-11088: Fixed an out of bounds read in\n ntlm_read_NegotiateMessage.\n\n - CVE-2020-11089: Fixed an out of bounds read in irp\n function family.\n\n - CVE-2020-11095: Fixed a global out of bounds read in\n update_recv_primary_order.\n\n - CVE-2020-11096: Fixed a global out of bounds read in\n update_read_cache_bitmap_v3_order.\n\n - CVE-2020-11097: Fixed an out of bounds read in\n ntlm_av_pair_get.\n\n - CVE-2020-11098: Fixed an out of bounds read in\n glyph_cache_put.\n\n - CVE-2020-11099: Fixed an out of bounds Read in\n license_read_new_or_upgrade_license_packet.\n\n - CVE-2020-11521: Fixed an out of bounds write in planar.c\n (bsc#1171443).\n\n - CVE-2020-11522: Fixed an out of bounds read in gdi.c\n (bsc#1171444).\n\n - CVE-2020-11523: Fixed an integer overflow in region.c\n (bsc#1171445).\n\n - CVE-2020-11524: Fixed an out of bounds write in\n interleaved.c (bsc#1171446).\n\n - CVE-2020-11525: Fixed an out of bounds read in bitmap.c\n (bsc#1171447).\n\n - CVE-2020-11526: Fixed an out of bounds read in\n update_recv_secondary_order (bsc#1171674).\n\n - CVE-2020-13396: Fixed an Read in\n ntlm_read_ChallengeMessage.\n\n - CVE-2020-13397: Fixed an out of bounds read in\n security_fips_decrypt due to uninitialized value.\n\n - CVE-2020-13398: Fixed an out of bounds write in\n crypto_rsa_common.\n\n - CVE-2020-4030: Fixed an out of bounds read in\n `TrioParse`.\n\n - CVE-2020-4031: Fixed a use after free in\n gdi_SelectObject.\n\n - CVE-2020-4032: Fixed an integer casting in\n `update_recv_secondary_order`.\n\n - CVE-2020-4033: Fixed an out of bound read in\n RLEDECOMPRESS.\n\n - Fixed an issue where freerdp failed with -fno-common\n (bsc#1169748).\n\n - Fixed an issue where USB redirection with FreeRDP was\n not working (bsc#1169679).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174200\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freerdp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13398\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-proxy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-wayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-wayland-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreerdp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreerdp2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuwac0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuwac0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwinpr2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwinpr2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:uwac0-0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:winpr2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-debuginfo-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-debugsource-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-devel-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-proxy-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-proxy-debuginfo-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-server-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-server-debuginfo-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-wayland-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-wayland-debuginfo-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfreerdp2-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfreerdp2-debuginfo-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libuwac0-0-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libuwac0-0-debuginfo-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwinpr2-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwinpr2-debuginfo-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"uwac0-0-devel-2.1.2-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"winpr2-devel-2.1.2-lp151.5.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp / freerdp-debuginfo / freerdp-debugsource / freerdp-devel / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:05:33", "description": "According to the versions of the freerdp packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In FreeRDP before version 2.1.2, there is an\n out-of-bound read in glyph_cache_put. This affects all\n FreeRDP clients with `+glyph-cache` option enabled This\n is fixed in version 2.1.2.(CVE-2020-11098)\n\n - In FreeRDP before version 2.1.2, there is an out of\n bounds read in RLEDECOMPRESS. All FreeRDP based clients\n with sessions with color depth < 32 are affected. This\n is fixed in version 2.1.2.(CVE-2020-4033)\n\n - In FreeRDP before 2.1.0, there is an out-of-bound read\n in irp functions (parallel_process_irp_create,\n serial_process_irp_create, drive_process_irp_write,\n printer_process_irp_write, rdpei_recv_pdu,\n serial_process_irp_write). This has been fixed in\n 2.1.0.(CVE-2020-11089)\n\n - An issue was discovered in FreeRDP before 2.1.1. An\n out-of-bounds (OOB) write vulnerability has been\n detected in crypto_rsa_common in\n libfreerdp/crypto/crypto.c.(CVE-2020-13398)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-07-30T00:00:00", "title": "EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2020-1801)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11089", "CVE-2020-13398", "CVE-2020-4033", "CVE-2020-11098"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freerdp-libs", "p-cpe:/a:huawei:euleros:libwinpr", "p-cpe:/a:huawei:euleros:freerdp", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1801.NASL", "href": "https://www.tenable.com/plugins/nessus/139131", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139131);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-11089\",\n \"CVE-2020-11098\",\n \"CVE-2020-13398\",\n \"CVE-2020-4033\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2020-1801)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the freerdp packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In FreeRDP before version 2.1.2, there is an\n out-of-bound read in glyph_cache_put. This affects all\n FreeRDP clients with `+glyph-cache` option enabled This\n is fixed in version 2.1.2.(CVE-2020-11098)\n\n - In FreeRDP before version 2.1.2, there is an out of\n bounds read in RLEDECOMPRESS. All FreeRDP based clients\n with sessions with color depth < 32 are affected. This\n is fixed in version 2.1.2.(CVE-2020-4033)\n\n - In FreeRDP before 2.1.0, there is an out-of-bound read\n in irp functions (parallel_process_irp_create,\n serial_process_irp_create, drive_process_irp_write,\n printer_process_irp_write, rdpei_recv_pdu,\n serial_process_irp_write). This has been fixed in\n 2.1.0.(CVE-2020-11089)\n\n - An issue was discovered in FreeRDP before 2.1.1. An\n out-of-bounds (OOB) write vulnerability has been\n detected in crypto_rsa_common in\n libfreerdp/crypto/crypto.c.(CVE-2020-13398)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1801\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a957e008\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freerdp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwinpr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"freerdp-2.0.0-44.rc3.h7.eulerosv2r8\",\n \"freerdp-libs-2.0.0-44.rc3.h7.eulerosv2r8\",\n \"libwinpr-2.0.0-44.rc3.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:06:44", "description": "According to the version of the freerdp packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - In FreeRDP before version 2.1.2, there is an\n out-of-bound read in glyph_cache_put. This affects all\n FreeRDP clients with `+glyph-cache` option enabled This\n is fixed in version 2.1.2.(CVE-2020-11098)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}, "published": "2020-10-30T00:00:00", "title": "EulerOS 2.0 SP5 : freerdp (EulerOS-SA-2020-2245)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11098"], "modified": "2020-10-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freerdp-plugins", "p-cpe:/a:huawei:euleros:freerdp-libs", "p-cpe:/a:huawei:euleros:freerdp", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2245.NASL", "href": "https://www.tenable.com/plugins/nessus/142106", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142106);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-11098\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : freerdp (EulerOS-SA-2020-2245)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freerdp packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - In FreeRDP before version 2.1.2, there is an\n out-of-bound read in glyph_cache_put. This affects all\n FreeRDP clients with `+glyph-cache` option enabled This\n is fixed in version 2.1.2.(CVE-2020-11098)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2245\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15f50cc9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freerdp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"freerdp-1.0.2-15.h9.eulerosv2r7\",\n \"freerdp-libs-1.0.2-15.h9.eulerosv2r7\",\n \"freerdp-plugins-1.0.2-15.h9.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-08-05T10:12:13", "description": "Bernhard Miklautz reports :\n\n- Integer overflow due to missing input sanitation in rdpegfx channel\n\n- All FreeRDP clients are affected\n\n- The input rectangles from the server are not checked against local\nsurface coordinates and blindly accepted. A malicious server can send\ndata that will crash the client later on (invalid length arguments to\na memcpy)", "edition": 2, "cvss3": {"score": 3.5, "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}, "published": "2020-07-30T00:00:00", "title": "FreeBSD : FreeRDP -- Integer overflow in RDPEGFX channel (a955cdb7-d089-11ea-8c6f-080027eedc6a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15103"], "modified": "2020-07-30T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:freerdp"], "id": "FREEBSD_PKG_A955CDB7D08911EA8C6F080027EEDC6A.NASL", "href": "https://www.tenable.com/plugins/nessus/139111", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139111);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/03\");\n\n script_cve_id(\"CVE-2020-15103\");\n\n script_name(english:\"FreeBSD : FreeRDP -- Integer overflow in RDPEGFX channel (a955cdb7-d089-11ea-8c6f-080027eedc6a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Bernhard Miklautz reports :\n\n- Integer overflow due to missing input sanitation in rdpegfx channel\n\n- All FreeRDP clients are affected\n\n- The input rectangles from the server are not checked against local\nsurface coordinates and blindly accepted. A malicious server can send\ndata that will crash the client later on (invalid length arguments to\na memcpy)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.freerdp.com/2020/07/20/2_2_0-released\"\n );\n # https://vuxml.freebsd.org/freebsd/a955cdb7-d089-11ea-8c6f-080027eedc6a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9169e761\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"freerdp<2.2.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T04:26:46", "description": "This update for freerdp fixes the following issues :\n\n - CVE-2020-15103: Fix integer overflow due to missing\n input sanitation in rdpegfx channel (bsc#1174321).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.", "edition": 2, "cvss3": {"score": 3.5, "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}, "published": "2020-09-08T00:00:00", "title": "openSUSE Security Update : freerdp (openSUSE-2020-1332)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15103"], "modified": "2020-09-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libwinpr2", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:winpr2-devel", "p-cpe:/a:novell:opensuse:libwinpr2-debuginfo", "p-cpe:/a:novell:opensuse:freerdp-debugsource", "p-cpe:/a:novell:opensuse:freerdp-wayland", "p-cpe:/a:novell:opensuse:libuwac0-0", "p-cpe:/a:novell:opensuse:freerdp-proxy", "p-cpe:/a:novell:opensuse:freerdp", "p-cpe:/a:novell:opensuse:freerdp-server-debuginfo", "p-cpe:/a:novell:opensuse:libfreerdp2-debuginfo", "p-cpe:/a:novell:opensuse:libuwac0-0-debuginfo", "p-cpe:/a:novell:opensuse:freerdp-debuginfo", "p-cpe:/a:novell:opensuse:libfreerdp2", "p-cpe:/a:novell:opensuse:uwac0-0-devel", "p-cpe:/a:novell:opensuse:freerdp-server", "p-cpe:/a:novell:opensuse:freerdp-devel", "p-cpe:/a:novell:opensuse:freerdp-proxy-debuginfo", "p-cpe:/a:novell:opensuse:freerdp-wayland-debuginfo"], "id": "OPENSUSE-2020-1332.NASL", "href": "https://www.tenable.com/plugins/nessus/140367", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1332.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140367);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/10\");\n\n script_cve_id(\"CVE-2020-15103\");\n\n script_name(english:\"openSUSE Security Update : freerdp (openSUSE-2020-1332)\");\n script_summary(english:\"Check for the openSUSE-2020-1332 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for freerdp fixes the following issues :\n\n - CVE-2020-15103: Fix integer overflow due to missing\n input sanitation in rdpegfx channel (bsc#1174321).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174321\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freerdp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-proxy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-wayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freerdp-wayland-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreerdp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreerdp2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuwac0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuwac0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwinpr2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwinpr2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:uwac0-0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:winpr2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-debuginfo-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-debugsource-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-devel-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-proxy-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-proxy-debuginfo-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-server-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-server-debuginfo-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-wayland-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freerdp-wayland-debuginfo-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfreerdp2-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfreerdp2-debuginfo-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libuwac0-0-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libuwac0-0-debuginfo-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwinpr2-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwinpr2-debuginfo-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"uwac0-0-devel-2.1.2-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"winpr2-devel-2.1.2-lp151.5.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp / freerdp-debuginfo / freerdp-debugsource / freerdp-devel / etc\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:06:52", "description": "According to the versions of the freerdp packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4\n has an Out-of-bounds Read.(CVE-2020-11522)\n\n - libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0\n through 2.0.0-rc4 has an Out of bounds\n read.(CVE-2020-11525)\n\n - An issue was discovered in FreeRDP before 2.1.1. An\n out-of-bounds (OOB) read vulnerability has been\n detected in security_fips_decrypt in\n libfreerdp/core/security.c due to an uninitialized\n value.(CVE-2020-13397)\n\n - An issue was discovered in FreeRDP before 2.1.1. An\n out-of-bounds (OOB) write vulnerability has been\n detected in crypto_rsa_common in\n libfreerdp/crypto/crypto.c.(CVE-2020-13398)\n\n - In FreeRDP before 2.1.0, there is an out-of-bound read\n in irp functions (parallel_process_irp_create,\n serial_process_irp_create, drive_process_irp_write,\n printer_process_irp_write, rdpei_recv_pdu,\n serial_process_irp_write). This has been fixed in\n 2.1.0.(CVE-2020-11089)\n\n - In FreeRDP before version 2.1.2, there is an out of\n bounds read in RLEDECOMPRESS. All FreeRDP based clients\n with sessions with color depth < 32 are affected. This\n is fixed in version 2.1.2.(CVE-2020-4033)\n\n - In FreeRDP before version 2.1.2, there is an\n out-of-bound read in glyph_cache_put. This affects all\n FreeRDP clients with `+glyph-cache` option enabled This\n is fixed in version 2.1.2.(CVE-2020-11098)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-11-03T00:00:00", "title": "EulerOS 2.0 SP2 : freerdp (EulerOS-SA-2020-2343)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11522", "CVE-2020-13397", "CVE-2020-11089", "CVE-2020-11525", "CVE-2020-13398", "CVE-2020-4033", "CVE-2020-11098"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freerdp-plugins", "p-cpe:/a:huawei:euleros:freerdp-libs", "p-cpe:/a:huawei:euleros:freerdp", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2343.NASL", "href": "https://www.tenable.com/plugins/nessus/142342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142342);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-11089\",\n \"CVE-2020-11098\",\n \"CVE-2020-11522\",\n \"CVE-2020-11525\",\n \"CVE-2020-13397\",\n \"CVE-2020-13398\",\n \"CVE-2020-4033\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : freerdp (EulerOS-SA-2020-2343)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the freerdp packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4\n has an Out-of-bounds Read.(CVE-2020-11522)\n\n - libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0\n through 2.0.0-rc4 has an Out of bounds\n read.(CVE-2020-11525)\n\n - An issue was discovered in FreeRDP before 2.1.1. An\n out-of-bounds (OOB) read vulnerability has been\n detected in security_fips_decrypt in\n libfreerdp/core/security.c due to an uninitialized\n value.(CVE-2020-13397)\n\n - An issue was discovered in FreeRDP before 2.1.1. An\n out-of-bounds (OOB) write vulnerability has been\n detected in crypto_rsa_common in\n libfreerdp/crypto/crypto.c.(CVE-2020-13398)\n\n - In FreeRDP before 2.1.0, there is an out-of-bound read\n in irp functions (parallel_process_irp_create,\n serial_process_irp_create, drive_process_irp_write,\n printer_process_irp_write, rdpei_recv_pdu,\n serial_process_irp_write). This has been fixed in\n 2.1.0.(CVE-2020-11089)\n\n - In FreeRDP before version 2.1.2, there is an out of\n bounds read in RLEDECOMPRESS. All FreeRDP based clients\n with sessions with color depth < 32 are affected. This\n is fixed in version 2.1.2.(CVE-2020-4033)\n\n - In FreeRDP before version 2.1.2, there is an\n out-of-bound read in glyph_cache_put. This affects all\n FreeRDP clients with `+glyph-cache` option enabled This\n is fixed in version 2.1.2.(CVE-2020-11098)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2343\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dc384e6c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freerdp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"freerdp-1.0.2-6.1.h8\",\n \"freerdp-libs-1.0.2-6.1.h8\",\n \"freerdp-plugins-1.0.2-6.1.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:06:18", "description": "According to the versions of the freerdp packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In FreeRDP before version 2.1.2, there is an\n out-of-bound read in glyph_cache_put. This affects all\n FreeRDP clients with `+glyph-cache` option enabled This\n is fixed in version 2.1.2.(CVE-2020-11098)\n\n - In FreeRDP before 2.1.0, there is an out-of-bound read\n in irp functions (parallel_process_irp_create,\n serial_process_irp_create, drive_process_irp_write,\n printer_process_irp_write, rdpei_recv_pdu,\n serial_process_irp_write). This has been fixed in\n 2.1.0.(CVE-2020-11089)\n\n - In FreeRDP before version 2.1.2, there is an out of\n bounds read in RLEDECOMPRESS. All FreeRDP based clients\n with sessions with color depth < 32 are affected. This\n is fixed in version 2.1.2.(CVE-2020-4033)\n\n - libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4\n has an Out-of-bounds Read.(CVE-2020-11522)\n\n - libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0\n through 2.0.0-rc4 has an Out of bounds\n read.(CVE-2020-11525)\n\n - An issue was discovered in FreeRDP before 2.1.1. An\n out-of-bounds (OOB) read vulnerability has been\n detected in security_fips_decrypt in\n libfreerdp/core/security.c due to an uninitialized\n value.(CVE-2020-13397)\n\n - In FreeRDP after 1.0 and before 2.0.0, there is a\n stream out-of-bounds seek in update_read_synchronize\n that could lead to a later out-of-bounds\n read.(CVE-2020-11046)\n\n - An issue was discovered in FreeRDP before 2.1.1. An\n out-of-bounds (OOB) write vulnerability has been\n detected in crypto_rsa_common in\n libfreerdp/crypto/crypto.c.(CVE-2020-13398)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}, "published": "2020-09-28T00:00:00", "title": "EulerOS 2.0 SP3 : freerdp (EulerOS-SA-2020-2064)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11522", "CVE-2020-13397", "CVE-2020-11089", "CVE-2020-11046", "CVE-2020-11525", "CVE-2020-13398", "CVE-2020-4033", "CVE-2020-11098"], "modified": "2020-09-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freerdp-plugins", "p-cpe:/a:huawei:euleros:freerdp-libs", "p-cpe:/a:huawei:euleros:freerdp", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2064.NASL", "href": "https://www.tenable.com/plugins/nessus/140831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140831);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-11046\",\n \"CVE-2020-11089\",\n \"CVE-2020-11098\",\n \"CVE-2020-11522\",\n \"CVE-2020-11525\",\n \"CVE-2020-13397\",\n \"CVE-2020-13398\",\n \"CVE-2020-4033\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : freerdp (EulerOS-SA-2020-2064)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the freerdp packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In FreeRDP before version 2.1.2, there is an\n out-of-bound read in glyph_cache_put. This affects all\n FreeRDP clients with `+glyph-cache` option enabled This\n is fixed in version 2.1.2.(CVE-2020-11098)\n\n - In FreeRDP before 2.1.0, there is an out-of-bound read\n in irp functions (parallel_process_irp_create,\n serial_process_irp_create, drive_process_irp_write,\n printer_process_irp_write, rdpei_recv_pdu,\n serial_process_irp_write). This has been fixed in\n 2.1.0.(CVE-2020-11089)\n\n - In FreeRDP before version 2.1.2, there is an out of\n bounds read in RLEDECOMPRESS. All FreeRDP based clients\n with sessions with color depth < 32 are affected. This\n is fixed in version 2.1.2.(CVE-2020-4033)\n\n - libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4\n has an Out-of-bounds Read.(CVE-2020-11522)\n\n - libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0\n through 2.0.0-rc4 has an Out of bounds\n read.(CVE-2020-11525)\n\n - An issue was discovered in FreeRDP before 2.1.1. An\n out-of-bounds (OOB) read vulnerability has been\n detected in security_fips_decrypt in\n libfreerdp/core/security.c due to an uninitialized\n value.(CVE-2020-13397)\n\n - In FreeRDP after 1.0 and before 2.0.0, there is a\n stream out-of-bounds seek in update_read_synchronize\n that could lead to a later out-of-bounds\n read.(CVE-2020-11046)\n\n - An issue was discovered in FreeRDP before 2.1.1. An\n out-of-bounds (OOB) write vulnerability has been\n detected in crypto_rsa_common in\n libfreerdp/crypto/crypto.c.(CVE-2020-13398)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2064\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f21505e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freerdp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freerdp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"freerdp-1.0.2-6.1.h9\",\n \"freerdp-libs-1.0.2-6.1.h9\",\n \"freerdp-plugins-1.0.2-6.1.h9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freerdp\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11095", "CVE-2020-11096", "CVE-2020-11097", "CVE-2020-11098", "CVE-2020-11099", "CVE-2020-15103", "CVE-2020-4030", "CVE-2020-4031", "CVE-2020-4032", "CVE-2020-4033"], "description": "The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the Fre eRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox. ", "modified": "2020-08-01T01:18:39", "published": "2020-08-01T01:18:39", "id": "FEDORA:2D325323D664", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: freerdp-2.2.0-1.fc31", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-09-01T21:58:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-4031", "CVE-2020-11096", "CVE-2020-4030", "CVE-2020-11099", "CVE-2020-11097", "CVE-2020-11095", "CVE-2020-4032", "CVE-2020-15103", "CVE-2020-4033", "CVE-2020-11098"], "description": "It was discovered that FreeRDP incorrectly handled certain memory \noperations. A remote attacker could use this issue to cause FreeRDP to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode.", "edition": 1, "modified": "2020-09-01T00:00:00", "published": "2020-09-01T00:00:00", "id": "USN-4481-1", "href": "https://ubuntu.com/security/notices/USN-4481-1", "title": "FreeRDP vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11095", "CVE-2020-11096", "CVE-2020-11097", "CVE-2020-11098", "CVE-2020-11099", "CVE-2020-4030", "CVE-2020-4031", "CVE-2020-4032", "CVE-2020-4033"], "description": "Arch Linux Security Advisory ASA-202006-15\n==========================================\n\nSeverity: High\nDate : 2020-06-28\nCVE-ID : CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033\nCVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098\nCVE-2020-11099\nPackage : freerdp\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1193\n\nSummary\n=======\n\nThe package freerdp before version 2:2.1.2-1 is vulnerable to multiple\nissues including arbitrary code execution and information disclosure.\n\nResolution\n==========\n\nUpgrade to 2:2.1.2-1.\n\n# pacman -Syu \"freerdp>=2:2.1.2-1\"\n\nThe problems have been fixed upstream in version 2.1.2.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-4030 (information disclosure)\n\nAn out-of-bounds read has been found in FreeRDP before 2.1.2, where\nlogging might bypass string length checks due to an integer overflow.\n\n- CVE-2020-4031 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in FreeRDP before 2.1.2,\nin gdi_SelectObject(). Clients using compatibility mode enabled with\n/relax-order-checks are affected.\n\n- CVE-2020-4032 (information disclosure)\n\nAn integer casting vulnerability leading to an out-of-bounds read has\nbeen found in FreeRDP before 2.1.2, in update_recv_secondary_order(),\non clients with +glyph-cache or /relax-order-checks options enabled.\n\n- CVE-2020-4033 (information disclosure)\n\nAn out-of-bounds read of up to 4 bytes has been found in FreeRDP before\n2.1.2, affecting all FreeRDP based clients with sessions with color\ndepth < 32.\n\n- CVE-2020-11095 (information disclosure)\n\nA global out-of-bounds read has been found in FreeRDP before 2.1.2, in\nupdate_recv_primary_order.\n\n- CVE-2020-11096 (information disclosure)\n\nAn out-of-bounds read has been found in FreeRDP before 2.1.2, in\nupdate_read_cache_bitmap_v3_order().\n\n- CVE-2020-11097 (information disclosure)\n\nAn out-of-bounds read has been found in FreeRDP before 2.1.2, in\nntlm_av_pair_get().\n\n- CVE-2020-11098 (information disclosure)\n\nAn out-of-bounds read has been found in FreeRDP before 2.1.2, in\nglyph_cache_put. This issue only exists when glyph-cache is enabled,\nwhich is not the case by default.\n\n- CVE-2020-11099 (information disclosure)\n\nAn out-of-bounds read has been found in FreeRDP before 2.1.2, in\nlicense_read_new_or_upgrade_license_packet().\n\nImpact\n======\n\nA remote attacker might be able to access sensitive information or\ncrash the application via a crafted RDP session. A malicious server, or\nan attacker in position of man-in-the-middle might be able to execute\narbitrary code on the affected host.\n\nReferences\n==========\n\nhttp://www.freerdp.com/2020/06/22/2_1_2-released\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98\nhttps://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g\nhttps://github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc\nhttps://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8\nhttps://github.com/FreeRDP/FreeRDP/commit/0a98c450c58ec150e44781c89aa6f8e7e0f571f5\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2\nhttps://github.com/FreeRDP/FreeRDP/commit/733ee3208306b1ea32697b356c0215180fc3f049\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x\nhttps://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f\nhttps://github.com/FreeRDP/FreeRDP/commit/58a3122250d54de3a944c487776bcd4d1da4721e\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv\nhttps://github.com/FreeRDP/FreeRDP/commit/c0fd449ec0870b050d350d6d844b1ea6dad4bc7d\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h\nhttps://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a\nhttps://security.archlinux.org/CVE-2020-4030\nhttps://security.archlinux.org/CVE-2020-4031\nhttps://security.archlinux.org/CVE-2020-4032\nhttps://security.archlinux.org/CVE-2020-4033\nhttps://security.archlinux.org/CVE-2020-11095\nhttps://security.archlinux.org/CVE-2020-11096\nhttps://security.archlinux.org/CVE-2020-11097\nhttps://security.archlinux.org/CVE-2020-11098\nhttps://security.archlinux.org/CVE-2020-11099", "modified": "2020-06-28T00:00:00", "published": "2020-06-28T00:00:00", "id": "ASA-202006-15", "href": "https://security.archlinux.org/ASA-202006-15", "type": "archlinux", "title": "[ASA-202006-15] freerdp: multiple issues", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "cve": [{"lastseen": "2020-12-24T13:57:51", "description": "In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto", "edition": 12, "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 3.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-07-27T18:15:00", "title": "CVE-2020-15103", "type": "cve", "cwe": ["CWE-680", "CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15103"], "modified": "2020-12-23T18:34:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:opensuse:leap:15.1", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:freerdp:freerdp:2.1.2", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-15103", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15103", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:freerdp:freerdp:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T22:03:04", "description": "In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2020-06-22T22:15:00", "title": "CVE-2020-11098", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11098"], "modified": "2020-09-08T10:15:00", "cpe": [], "id": "CVE-2020-11098", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11098", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:04", "description": "In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2020-06-22T22:15:00", "title": "CVE-2020-11099", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11099"], "modified": "2020-09-08T10:15:00", "cpe": [], "id": "CVE-2020-11099", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11099", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:04", "description": "In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2020-06-22T22:15:00", "title": "CVE-2020-11095", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11095"], "modified": "2020-09-08T10:15:00", "cpe": [], "id": "CVE-2020-11095", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11095", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:04", "description": "In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2020-06-22T22:15:00", "title": "CVE-2020-11096", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11096"], "modified": "2020-09-08T10:15:00", "cpe": [], "id": "CVE-2020-11096", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11096", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:04", "description": "In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2020-06-22T22:15:00", "title": "CVE-2020-11097", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11097"], "modified": "2020-09-08T10:15:00", "cpe": [], "id": "CVE-2020-11097", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11097", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:15", "description": "In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-06-22T22:15:00", "title": "CVE-2020-4032", "type": "cve", "cwe": ["CWE-681"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4032"], "modified": "2020-09-08T10:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-4032", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4032", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:15", "description": "In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.", "edition": 12, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2020-06-22T22:15:00", "title": "CVE-2020-4033", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4033"], "modified": "2020-09-08T10:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-4033", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4033", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:15", "description": "In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-22T22:15:00", "title": "CVE-2020-4031", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4031"], "modified": "2020-09-08T10:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-4031", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4031", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:15", "description": "In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.", "edition": 12, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2020-06-22T22:15:00", "title": "CVE-2020-4030", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4030"], "modified": "2020-09-08T10:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-4030", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4030", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2020-07-27T01:26:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11522", "CVE-2020-13396", "CVE-2020-4031", "CVE-2020-13397", "CVE-2020-11043", "CVE-2020-11038", "CVE-2020-11019", "CVE-2020-11096", "CVE-2020-11089", "CVE-2020-11521", "CVE-2020-11018", "CVE-2020-11526", "CVE-2020-11524", "CVE-2020-11525", "CVE-2020-4030", "CVE-2020-11099", "CVE-2020-11088", "CVE-2020-11086", "CVE-2020-13398", "CVE-2020-11097", "CVE-2020-11523", "CVE-2020-11039", "CVE-2020-11095", "CVE-2020-11017", "CVE-2020-4032", "CVE-2020-11040", "CVE-2020-4033", "CVE-2020-11041", "CVE-2020-11087", "CVE-2020-11098", "CVE-2020-11085"], "description": "This update for freerdp fixes the following issues:\n\n frerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and\n jsc#ECO-2006):\n\n - CVE-2020-11017: Fixed a double free which could have denied the server's\n service.\n - CVE-2020-11018: Fixed an out of bounds read which a malicious clients\n could have triggered.\n - CVE-2020-11019: Fixed an issue which could have led to denial of service\n if logger was set to "WLOG_TRACE".\n - CVE-2020-11038: Fixed a buffer overflow when /video redirection was used.\n - CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory\n read and write when USB redirection was enabled.\n - CVE-2020-11040: Fixed an out of bounds data read in\n clear_decompress_subcode_rlex.\n - CVE-2020-11041: Fixed an issue with the configuration for sound backend\n which could have led to server's denial of service.\n - CVE-2020-11043: Fixed an out of bounds read in\n rfx_process_message_tileset.\n - CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list.\n - CVE-2020-11086: Fixed an out of bounds read in\n ntlm_read_ntlm_v2_client_challenge.\n - CVE-2020-11087: Fixed an out of bounds read in\n ntlm_read_AuthenticateMessage.\n - CVE-2020-11088: Fixed an out of bounds read in\n ntlm_read_NegotiateMessage.\n - CVE-2020-11089: Fixed an out of bounds read in irp function family.\n - CVE-2020-11095: Fixed a global out of bounds read in\n update_recv_primary_order.\n - CVE-2020-11096: Fixed a global out of bounds read in\n update_read_cache_bitmap_v3_order.\n - CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get.\n - CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put.\n - CVE-2020-11099: Fixed an out of bounds Read in\n license_read_new_or_upgrade_license_packet.\n - CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443).\n - CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444).\n - CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445).\n - CVE-2020-11524: Fixed an out of bounds write in interleaved.c\n (bsc#1171446).\n - CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447).\n - CVE-2020-11526: Fixed an out of bounds read in\n update_recv_secondary_order (bsc#1171674).\n - CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage.\n - CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due\n to uninitialized value.\n - CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common.\n - CVE-2020-4030: Fixed an out of bounds read in `TrioParse`.\n - CVE-2020-4031: Fixed a use after free in gdi_SelectObject.\n - CVE-2020-4032: Fixed an integer casting in `update_recv_secondary_order`.\n - CVE-2020-4033: Fixed an out of bound read in RLEDECOMPRESS.\n - Fixed an issue where freerdp failed with -fno-common (bsc#1169748).\n - Fixed an issue where USB redirection with FreeRDP was not working\n (bsc#1169679).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-07-27T00:12:31", "published": "2020-07-27T00:12:31", "id": "OPENSUSE-SU-2020:1090-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html", "title": "Security update for freerdp (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T20:40:16", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15103"], "description": "This update for freerdp fixes the following issues:\n\n - CVE-2020-15103: Fix integer overflow due to missing input sanitation in\n rdpegfx channel (bsc#1174321).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-09-04T18:31:39", "published": "2020-09-04T18:31:39", "id": "OPENSUSE-SU-2020:1332-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html", "title": "Security update for freerdp (moderate)", "type": "suse", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2020-07-30T11:26:20", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15103"], "description": "\nBernhard Miklautz reports:\n\n\n\n\t Integer overflow due to missing input sanitation in rdpegfx channel\n\t\nAll FreeRDP clients are affected\n\n\t The input rectangles from the server are not checked against local\n\t surface coordinates and blindly accepted. A malicious server can send\n\t data that will crash the client later on (invalid length arguments to\n\t a memcpy)\n\t\n\n\n", "edition": 2, "modified": "2020-06-25T00:00:00", "published": "2020-06-25T00:00:00", "id": "A955CDB7-D089-11EA-8C6F-080027EEDC6A", "href": "https://vuxml.freebsd.org/freebsd/a955cdb7-d089-11ea-8c6f-080027eedc6a.html", "title": "FreeRDP -- Integer overflow in RDPEGFX channel", "type": "freebsd", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}]}
