Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2022-2993-1.NASL
HistorySep 03, 2022 - 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : freerdp (SUSE-SU-2022:2993-1)

2022-09-0300:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2993-1 advisory.

  • FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    All FreeRDP clients prior to version 2.4.1 using gateway connections (/gt:rpc) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use /gt:http rather than /gt:rdp connections if possible or use a direct connection without a gateway. (CVE-2021-41159)

  • FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    In affected versions a malicious server might trigger out of bound writes in a connected client.
    Connections using GDI or SurfaceCommands to send graphics updates to the client might send 0 width/height or out of bound rectangles to trigger out of bound writes. With 0 width or heigth the memory allocation will be 0 but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1. (CVE-2021-41160)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:2993-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(164665);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");

  script_cve_id("CVE-2021-41159", "CVE-2021-41160");
  script_xref(name:"SuSE", value:"SUSE-SU-2022:2993-1");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : freerdp (SUSE-SU-2022:2993-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by
multiple vulnerabilities as referenced in the SUSE-SU-2022:2993-1 advisory.

  - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input
    data. A malicious gateway might allow client memory to be written out of bounds. This issue has been
    resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections
    if possible or use a direct connection without a gateway. (CVE-2021-41159)

  - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    In affected versions a malicious server might trigger out of bound writes in a connected client.
    Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0`
    width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the
    memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not
    allocated) region. This issue has been patched in FreeRDP 2.4.1. (CVE-2021-41160)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191895");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-41159");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-41160");
  # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012063.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?28eea533");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-41160");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freerdp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freerdp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freerdp-proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreerdp2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwinpr2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:winpr2-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED15 SP4", os_ver + " SP" + service_pack);
if (os_ver == "SLED_SAP15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED_SAP15 SP4", os_ver + " SP" + service_pack);
if (os_ver == "SLES15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP4", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'freerdp-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'freerdp-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'freerdp-devel-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'freerdp-devel-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'freerdp-proxy-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'freerdp-proxy-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'libfreerdp2-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'libfreerdp2-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'libwinpr2-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'libwinpr2-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'winpr2-devel-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'winpr2-devel-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'freerdp-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'freerdp-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'freerdp-devel-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'freerdp-devel-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'freerdp-proxy-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'freerdp-proxy-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'libfreerdp2-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'libfreerdp2-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'libwinpr2-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'libwinpr2-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'winpr2-devel-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'winpr2-devel-2.4.0-150400.3.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.4', 'sled-release-15.4', 'sles-release-15.4']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-devel / freerdp-proxy / libfreerdp2 / libwinpr2 / etc');
}
VendorProductVersionCPE
novellsuse_linuxfreerdpp-cpe:/a:novell:suse_linux:freerdp
novellsuse_linuxfreerdp-develp-cpe:/a:novell:suse_linux:freerdp-devel
novellsuse_linuxfreerdp-proxyp-cpe:/a:novell:suse_linux:freerdp-proxy
novellsuse_linuxlibfreerdp2p-cpe:/a:novell:suse_linux:libfreerdp2
novellsuse_linuxlibwinpr2p-cpe:/a:novell:suse_linux:libwinpr2
novellsuse_linuxwinpr2-develp-cpe:/a:novell:suse_linux:winpr2-devel
novellsuse_linux15cpe:/o:novell:suse_linux:15

Related

nessus 21
openvas 33
fedora 24
redhat 5
osv 6
oraclelinux 2
centos 1
amazon 1
almalinux 1
ubuntu 1
altlinux 1
suse 2
archlinux 1
rocky 1
mageia 1
ubuntucve 2
redhatcve 2
prion 2
veracode 2
cve 2
alpinelinux 2
debiancve 2
cnvd 1
githubexploit 1
gentoo 1
debian 1
nessus
nessus
CentOS 7 : freerdp (CESA-2021:4619)
2021-11-17 00:00:00
RHEL 8 : freerdp (RHSA-2021:4622)
2021-11-13 00:00:00
CentOS 9 : freerdp-2.4.1-2.el9
2024-02-29 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0522)
2022-01-28 00:00:00
CentOS: Security Advisory for freerdp (CESA-2021:4619)
2021-11-18 00:00:00
Fedora: Security Advisory for freerdp (FEDORA-2021-2c25f03d0b)
2021-11-18 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: remmina-1.4.21-1.fc35
2021-11-17 01:13:55
[SECURITY] Fedora 35 Update: freerdp-2.4.1-1.fc35
2021-11-17 01:13:55
[SECURITY] Fedora 35 Update: guacamole-server-1.3.0-9.fc35
2021-11-17 01:13:55
redhat
redhat
(RHSA-2021:4622) Important: freerdp security update
2021-11-11 09:34:33
(RHSA-2021:4621) Important: freerdp security update
2021-11-11 09:34:20
(RHSA-2021:4619) Important: freerdp security update
2021-11-11 09:30:35
osv
osv
Important: freerdp security update
2021-11-11 09:34:33
freerdp2 vulnerabilities
2021-11-23 14:40:45
Important: freerdp security update
2021-11-11 09:34:33
oraclelinux
oraclelinux
freerdp security update
2021-11-11 00:00:00
freerdp security update
2021-11-18 00:00:00
centos
centos
freerdp, libwinpr security update
2021-11-17 15:09:25
amazon
amazon
Important: freerdp
2022-01-18 21:37:00
almalinux
almalinux
Important: freerdp security update
2021-11-11 09:34:33
ubuntu
ubuntu
FreeRDP vulnerabilities
2021-11-23 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package freerdp version 2.4.1-alt1
2021-11-01 00:00:00
suse
suse
Security update for freerdp (important)
2022-09-02 00:00:00
Security update for freerdp (important)
2022-08-25 00:00:00
archlinux
archlinux
[ASA-202110-11] freerdp: arbitrary code execution
2021-10-29 00:00:00
rocky
rocky
freerdp security update
2021-11-11 09:34:33
mageia
mageia
Updated freerdp packages fix security vulnerability
2021-11-25 16:06:13
ubuntucve
ubuntucve
CVE-2021-41159
2021-10-21 00:00:00
CVE-2021-41160
2021-10-21 00:00:00
redhatcve
redhatcve
CVE-2021-41159
2021-10-21 13:21:13
CVE-2021-41160
2021-10-21 13:54:57
prion
prion
Out-of-bounds
2021-10-21 19:15:00
Out-of-bounds
2021-10-21 19:15:00
veracode
veracode
Out Of Bounds (OOB) Write
2021-10-23 07:15:59
Out-of-Bounds Write
2021-10-23 07:15:32
cve
cve
CVE-2021-41159
2021-10-21 19:15:00
CVE-2021-41160
2021-10-21 19:15:00
alpinelinux
alpinelinux
CVE-2021-41159
2021-10-21 19:15:00
CVE-2021-41160
2021-10-21 19:15:00
debiancve
debiancve
CVE-2021-41159
2021-10-21 19:15:00
CVE-2021-41160
2021-10-21 19:15:00
cnvd
cnvd
FreeRDP Buffer Overflow Vulnerability (CNVD-2021-103653)
2021-10-24 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Freerdp
2022-12-28 02:59:42
gentoo
gentoo
FreeRDP: Multiple Vulnerabilities
2022-10-31 00:00:00
debian
debian
[SECURITY] [DLA 3654-1] freerdp2 security update
2023-11-17 17:35:06
JSON
Related for SUSE_SU-2022-2993-1.NASL
nessus21openvas33fedora24redhat5osv6oraclelinux2centos1amazon1almalinux1ubuntu1altlinux1suse2archlinux1rocky1mageia1ubuntucve2redhatcve2prion2veracode2cve2alpinelinux2debiancve2cnvd1githubexploit1gentoo1debian1