Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2356.NASLHistoryAug 31, 2020 - 12:00 a.m.
Debian DLA-2356-1 : freerdp security update
2020-08-3100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
7.9 High
AI Score
Confidence
Low
Several vulnerabilites have been reported against FreeRDP, an Open Source server and client implementation of the Microsoft RDP protocol.
CVE-2014-0791
An integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP allowed remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.
CVE-2020-11042
In FreeRDP there was an out-of-bounds read in update_read_icon_info.
It allowed reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This could have been used to crash the client or store information for later retrieval.
CVE-2020-11045
In FreeRDP there was an out-of-bound read in in update_read_bitmap_data that allowed client memory to be read to an image buffer. The result displayed on screen as colour.
CVE-2020-11046
In FreeRDP there was a stream out-of-bounds seek in update_read_synchronize that could have lead to a later out-of-bounds read.
CVE-2020-11048
In FreeRDP there was an out-of-bounds read. It only allowed to abort a session. No data extraction was possible.
CVE-2020-11058
In FreeRDP, a stream out-of-bounds seek in rdp_read_font_capability_set could have lead to a later out-of-bounds read. As a result, a manipulated client or server might have forced a disconnect due to an invalid data read.
CVE-2020-11521
libfreerdp/codec/planar.c in FreeRDP had an Out-of-bounds Write.
CVE-2020-11522
libfreerdp/gdi/gdi.c in FreeRDP had an Out-of-bounds Read.
CVE-2020-11523
libfreerdp/gdi/region.c in FreeRDP had an Integer Overflow.
CVE-2020-11525
libfreerdp/cache/bitmap.c in FreeRDP had an Out of bounds read.
CVE-2020-11526
libfreerdp/core/update.c in FreeRDP had an Out-of-bounds Read.
CVE-2020-13396
An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
CVE-2020-13397
An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
CVE-2020-13398
An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
For Debian 9 stretch, these problems have been fixed in version 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4.
We recommend that you upgrade your freerdp packages.
For the detailed security status of freerdp please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/freerdp
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2356-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(140055);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/22");
script_cve_id(
"CVE-2014-0791",
"CVE-2020-11042",
"CVE-2020-11045",
"CVE-2020-11046",
"CVE-2020-11048",
"CVE-2020-11058",
"CVE-2020-11521",
"CVE-2020-11522",
"CVE-2020-11523",
"CVE-2020-11525",
"CVE-2020-11526",
"CVE-2020-13396",
"CVE-2020-13397",
"CVE-2020-13398"
);
script_bugtraq_id(64689);
script_name(english:"Debian DLA-2356-1 : freerdp security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
script_set_attribute(attribute:"description", value:
"Several vulnerabilites have been reported against FreeRDP, an Open
Source server and client implementation of the Microsoft RDP protocol.
CVE-2014-0791
An integer overflow in the license_read_scope_list function in
libfreerdp/core/license.c in FreeRDP allowed remote RDP servers to
cause a denial of service (application crash) or possibly have
unspecified other impact via a large ScopeCount value in a Scope List
in a Server License Request packet.
CVE-2020-11042
In FreeRDP there was an out-of-bounds read in update_read_icon_info.
It allowed reading an attacker-defined amount of client memory (32bit
unsigned -> 4GB) to an intermediate buffer. This could have been used
to crash the client or store information for later retrieval.
CVE-2020-11045
In FreeRDP there was an out-of-bound read in in
update_read_bitmap_data that allowed client memory to be read to an
image buffer. The result displayed on screen as colour.
CVE-2020-11046
In FreeRDP there was a stream out-of-bounds seek in
update_read_synchronize that could have lead to a later out-of-bounds
read.
CVE-2020-11048
In FreeRDP there was an out-of-bounds read. It only allowed to abort a
session. No data extraction was possible.
CVE-2020-11058
In FreeRDP, a stream out-of-bounds seek in
rdp_read_font_capability_set could have lead to a later out-of-bounds
read. As a result, a manipulated client or server might have forced a
disconnect due to an invalid data read.
CVE-2020-11521
libfreerdp/codec/planar.c in FreeRDP had an Out-of-bounds Write.
CVE-2020-11522
libfreerdp/gdi/gdi.c in FreeRDP had an Out-of-bounds Read.
CVE-2020-11523
libfreerdp/gdi/region.c in FreeRDP had an Integer Overflow.
CVE-2020-11525
libfreerdp/cache/bitmap.c in FreeRDP had an Out of bounds read.
CVE-2020-11526
libfreerdp/core/update.c in FreeRDP had an Out-of-bounds Read.
CVE-2020-13396
An out-of-bounds (OOB) read vulnerability has been detected in
ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
CVE-2020-13397
An out-of-bounds (OOB) read vulnerability has been detected in
security_fips_decrypt in libfreerdp/core/security.c due to an
uninitialized value.
CVE-2020-13398
An out-of-bounds (OOB) write vulnerability has been detected in
crypto_rsa_common in libfreerdp/crypto/crypto.c.
For Debian 9 stretch, these problems have been fixed in version
1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4.
We recommend that you upgrade your freerdp packages.
For the detailed security status of freerdp please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/freerdp
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/freerdp");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/freerdp");
script_set_attribute(attribute:"solution", value:
"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0791");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-13398");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/03");
script_set_attribute(attribute:"patch_publication_date", value:"2020/08/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:freerdp-x11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:freerdp-x11-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-cache1.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-client1.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-codec1.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-common1.1.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-core1.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-crypto1.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-gdi1.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-locale1.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-plugins-standard");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-plugins-standard-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-primitives1.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-rail1.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreerdp-utils1.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-asn1-0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-bcrypt0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-credentials0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-credui0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-crt0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-crypto0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-dsparse0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-environment0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-error0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-file0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-handle0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-heap0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-input0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-interlocked0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-io0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-library0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-path0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-pipe0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-pool0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-registry0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-rpc0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-sspi0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-sspicli0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-synch0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-sysinfo0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-thread0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-timezone0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-utils0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-winhttp0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwinpr-winsock0.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxfreerdp-client-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxfreerdp-client1.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"9.0", prefix:"freerdp-x11", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"freerdp-x11-dbg", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-cache1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-client1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-codec1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-common1.1.0", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-core1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-crypto1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-dbg", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-dev", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-gdi1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-locale1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-plugins-standard", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-plugins-standard-dbg", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-primitives1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-rail1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libfreerdp-utils1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-asn1-0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-bcrypt0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-credentials0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-credui0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-crt0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-crypto0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-dbg", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-dev", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-dsparse0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-environment0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-error0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-file0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-handle0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-heap0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-input0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-interlocked0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-io0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-library0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-path0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-pipe0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-pool0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-registry0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-rpc0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-sspi0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-sspicli0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-synch0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-sysinfo0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-thread0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-timezone0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-utils0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-winhttp0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libwinpr-winsock0.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libxfreerdp-client-dbg", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"libxfreerdp-client1.1", reference:"1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | libfreerdp-rail1.1 | p-cpe:/a:debian:debian_linux:libfreerdp-rail1.1 |
| debian | debian_linux | libfreerdp-utils1.1 | p-cpe:/a:debian:debian_linux:libfreerdp-utils1.1 |
| debian | debian_linux | libwinpr-asn1-0.1 | p-cpe:/a:debian:debian_linux:libwinpr-asn1-0.1 |
| debian | debian_linux | libwinpr-bcrypt0.1 | p-cpe:/a:debian:debian_linux:libwinpr-bcrypt0.1 |
| debian | debian_linux | libwinpr-credentials0.1 | p-cpe:/a:debian:debian_linux:libwinpr-credentials0.1 |
| debian | debian_linux | libwinpr-credui0.1 | p-cpe:/a:debian:debian_linux:libwinpr-credui0.1 |
| debian | debian_linux | libwinpr-crt0.1 | p-cpe:/a:debian:debian_linux:libwinpr-crt0.1 |
| debian | debian_linux | libwinpr-crypto0.1 | p-cpe:/a:debian:debian_linux:libwinpr-crypto0.1 |
| debian | debian_linux | libwinpr-dbg | p-cpe:/a:debian:debian_linux:libwinpr-dbg |
| debian | debian_linux | libwinpr-dev | p-cpe:/a:debian:debian_linux:libwinpr-dev |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13396
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13397
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13398
lists.debian.org/debian-lts-announce/2020/08/msg00054.html
packages.debian.org/source/stretch/freerdp
security-tracker.debian.org/tracker/source-package/freerdp
Related
osv
osv
freerdp - security update
2020-08-30 00:00:00
freerdp vulnerabilities
2020-11-26 18:47:18
Moderate: freerdp and vinagre security, bug fix, and enhancement update
2020-11-03 12:23:37
ubuntu
ubuntu
FreeRDP vulnerabilities
2020-11-26 00:00:00
FreeRDP vulnerabilities
2020-06-04 00:00:00
FreeRDP vulnerabilities
2020-06-01 00:00:00
nessus
nessus
Ubuntu 18.04 LTS : FreeRDP vulnerabilities (USN-4382-2)
2020-11-26 00:00:00
Ubuntu 16.04 LTS : FreeRDP vulnerabilities (USN-4382-1)
2020-06-05 00:00:00
EulerOS 2.0 SP5 : freerdp (EulerOS-SA-2020-1917)
2020-09-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory for freerdp (USN-4382-1)
2020-06-05 00:00:00
Ubuntu: Security Advisory for freerdp2 (USN-4379-1)
2020-06-02 00:00:00
FreeRDP > 1.0.0 & < 2.0.0 Multiple Out-of-Bounds Vulnerabilities
2020-05-13 00:00:00
debian
debian
[SECURITY] [DLA 2356-1] freerdp security update
2020-08-29 23:51:52
altlinux
altlinux
Security fix for the ALT Linux 9 package freerdp version 2.0.0-alt5
2020-04-15 00:00:00
archlinux
archlinux
[ASA-202005-16] freerdp: information disclosure
2020-05-23 00:00:00
gentoo
gentoo
FreeRDP: Multiple vulnerabilities
2020-05-14 00:00:00
oraclelinux
oraclelinux
freerdp security, bug fix, and enhancement update
2020-10-06 00:00:00
freerdp and vinagre security, bug fix, and enhancement update
2020-11-10 00:00:00
freerdp security update
2020-06-05 00:00:00
redhat
redhat
(RHSA-2020:4647) Moderate: freerdp and vinagre security, bug fix, and enhancement update
2020-11-03 12:23:37
(RHSA-2020:4031) Moderate: freerdp security, bug fix, and enhancement update
2020-09-29 07:53:01
(RHSA-2020:2336) Important: freerdp security update
2020-05-28 18:01:54
rocky
rocky
freerdp and vinagre security, bug fix, and enhancement update
2020-11-03 12:23:37
amazon
amazon
Medium: freerdp
2020-10-22 17:36:00
almalinux
almalinux
Moderate: freerdp and vinagre security, bug fix, and enhancement update
2020-11-03 12:23:37
centos
centos
freerdp, libwinpr security update
2020-10-20 18:03:15
freerdp, libwinpr security update
2020-06-01 17:27:23
freerdp security update
2020-06-04 20:08:00
mageia
mageia
Updated freerdp/remmina packages fix security vulnerability
2020-08-01 02:25:42
freebsd
freebsd
FreeRDP -- multiple vulnerabilities
2020-04-10 00:00:00
prion
prion
alpinelinux
alpinelinux
ubuntucve
ubuntucve
debiancve
debiancve
suse
suse
Security update for freerdp (important)
2020-07-26 00:00:00
cve
cve
veracode
veracode
Denial Of Service (DoS)
2020-10-01 03:56:28
Arbitrary Code Execution
2020-06-06 03:34:51
Denial Of Service (DoS)
2020-08-06 21:33:37
redhatcve
redhatcve
securityvulns
securityvulns
FreeRDP integer overflow
2015-04-13 00:00:00