Debian DLA-2356-1 : freerdp security update

high Nessus Plugin ID 140055

Synopsis

The remote Debian host is missing a security update.

Description

Several vulnerabilites have been reported against FreeRDP, an Open Source server and client implementation of the Microsoft RDP protocol.

CVE-2014-0791

An integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP allowed remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.

CVE-2020-11042

In FreeRDP there was an out-of-bounds read in update_read_icon_info.
It allowed reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This could have been used to crash the client or store information for later retrieval.

CVE-2020-11045

In FreeRDP there was an out-of-bound read in in update_read_bitmap_data that allowed client memory to be read to an image buffer. The result displayed on screen as colour.

CVE-2020-11046

In FreeRDP there was a stream out-of-bounds seek in update_read_synchronize that could have lead to a later out-of-bounds read.

CVE-2020-11048

In FreeRDP there was an out-of-bounds read. It only allowed to abort a session. No data extraction was possible.

CVE-2020-11058

In FreeRDP, a stream out-of-bounds seek in rdp_read_font_capability_set could have lead to a later out-of-bounds read. As a result, a manipulated client or server might have forced a disconnect due to an invalid data read.

CVE-2020-11521

libfreerdp/codec/planar.c in FreeRDP had an Out-of-bounds Write.

CVE-2020-11522

libfreerdp/gdi/gdi.c in FreeRDP had an Out-of-bounds Read.

CVE-2020-11523

libfreerdp/gdi/region.c in FreeRDP had an Integer Overflow.

CVE-2020-11525

libfreerdp/cache/bitmap.c in FreeRDP had an Out of bounds read.

CVE-2020-11526

libfreerdp/core/update.c in FreeRDP had an Out-of-bounds Read.

CVE-2020-13396

An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.

CVE-2020-13397

An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

CVE-2020-13398

An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

For Debian 9 stretch, these problems have been fixed in version 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4.

We recommend that you upgrade your freerdp packages.

For the detailed security status of freerdp please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/freerdp

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html

https://packages.debian.org/source/stretch/freerdp

https://security-tracker.debian.org/tracker/source-package/freerdp

Plugin Details

Severity: High

ID: 140055

File Name: debian_DLA-2356.nasl

Version: 1.4

Type: local

Agent: unix

Published: 8/31/2020

Updated: 2/22/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-0791

CVSS v3

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2020-13398

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libwinpr-handle0.1, p-cpe:/a:debian:debian_linux:libwinpr-library0.1, p-cpe:/a:debian:debian_linux:libxfreerdp-client1.1, p-cpe:/a:debian:debian_linux:libwinpr-sspicli0.1, p-cpe:/a:debian:debian_linux:libfreerdp-crypto1.1, p-cpe:/a:debian:debian_linux:libwinpr-winhttp0.1, p-cpe:/a:debian:debian_linux:libfreerdp-client1.1, cpe:/o:debian:debian_linux:9.0, p-cpe:/a:debian:debian_linux:libfreerdp-dbg, p-cpe:/a:debian:debian_linux:libfreerdp-common1.1.0, p-cpe:/a:debian:debian_linux:libwinpr-pipe0.1, p-cpe:/a:debian:debian_linux:libwinpr-sspi0.1, p-cpe:/a:debian:debian_linux:libwinpr-thread0.1, p-cpe:/a:debian:debian_linux:libwinpr-error0.1, p-cpe:/a:debian:debian_linux:libfreerdp-cache1.1, p-cpe:/a:debian:debian_linux:libwinpr-rpc0.1, p-cpe:/a:debian:debian_linux:freerdp-x11, p-cpe:/a:debian:debian_linux:libfreerdp-primitives1.1, p-cpe:/a:debian:debian_linux:libfreerdp-utils1.1, p-cpe:/a:debian:debian_linux:libwinpr-utils0.1, p-cpe:/a:debian:debian_linux:libwinpr-registry0.1, p-cpe:/a:debian:debian_linux:libwinpr-environment0.1, p-cpe:/a:debian:debian_linux:libwinpr-dsparse0.1, p-cpe:/a:debian:debian_linux:libfreerdp-gdi1.1, p-cpe:/a:debian:debian_linux:libfreerdp-rail1.1, p-cpe:/a:debian:debian_linux:libwinpr-winsock0.1, p-cpe:/a:debian:debian_linux:libwinpr-pool0.1, p-cpe:/a:debian:debian_linux:libwinpr-synch0.1, p-cpe:/a:debian:debian_linux:libwinpr-io0.1, p-cpe:/a:debian:debian_linux:libwinpr-heap0.1, p-cpe:/a:debian:debian_linux:libxfreerdp-client-dbg, p-cpe:/a:debian:debian_linux:libwinpr-interlocked0.1, p-cpe:/a:debian:debian_linux:libwinpr-crt0.1, p-cpe:/a:debian:debian_linux:libwinpr-credui0.1, p-cpe:/a:debian:debian_linux:libwinpr-file0.1, p-cpe:/a:debian:debian_linux:libfreerdp-locale1.1, p-cpe:/a:debian:debian_linux:libwinpr-dev, p-cpe:/a:debian:debian_linux:libwinpr-timezone0.1, p-cpe:/a:debian:debian_linux:libwinpr-credentials0.1, p-cpe:/a:debian:debian_linux:libfreerdp-core1.1, p-cpe:/a:debian:debian_linux:libwinpr-dbg, p-cpe:/a:debian:debian_linux:libwinpr-crypto0.1, p-cpe:/a:debian:debian_linux:libfreerdp-plugins-standard, p-cpe:/a:debian:debian_linux:libfreerdp-dev, p-cpe:/a:debian:debian_linux:libwinpr-path0.1, p-cpe:/a:debian:debian_linux:libwinpr-sysinfo0.1, p-cpe:/a:debian:debian_linux:libwinpr-asn1-0.1, p-cpe:/a:debian:debian_linux:libfreerdp-codec1.1, p-cpe:/a:debian:debian_linux:libfreerdp-plugins-standard-dbg, p-cpe:/a:debian:debian_linux:libwinpr-bcrypt0.1, p-cpe:/a:debian:debian_linux:freerdp-x11-dbg, p-cpe:/a:debian:debian_linux:libwinpr-input0.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/29/2020

Vulnerability Publication Date: 1/3/2014

Reference Information

CVE: CVE-2014-0791, CVE-2020-11042, CVE-2020-11045, CVE-2020-11046, CVE-2020-11048, CVE-2020-11058, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396, CVE-2020-13397, CVE-2020-13398

BID: 64689