Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0383)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0383

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0383)

Resumen: The remote host is missing an update for the 'freerdp' package(s) announced via the MGASA-2022-0383 advisory.

Descripción: Summary:
The remote host is missing an update for the 'freerdp' package(s) announced via the MGASA-2022-0383 advisory.

Vulnerability Insight:
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In
versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not
properly abort when someone provides and empty password value. This issue
affects FreeRDP based RDP Server implementations. RDP clients are not
affected. The vulnerability is patched in FreeRDP 2.7.0. There are
currently no known workarounds. (CVE-2022-24882)

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP).
Prior to version 2.7.0, server side authentication against a 'SAM' file
might be successful for invalid credentials if the server has configured
an invalid 'SAM' file path. FreeRDP based clients are not affected. RDP
server implementations using FreeRDP to authenticate against a 'SAM' file
are affected. Version 2.7.0 contains a fix for this issue. As a
workaround, use custom authentication via 'HashCallback' and/or ensure the
'SAM' database path configured is valid and the application has file
handles left. (CVE-2022-24883)

Affected Software/OS:
'freerdp' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-24882
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOYKBQOHSRM7JQYUIYUWFOXI2JZ2J5RD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZWR6KSIKXO4B2TXBB3WH6YTNYHN46OY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL/
https://security.gentoo.org/glsa/202210-24
https://github.com/FreeRDP/FreeRDP/pull/7750
https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
Common Vulnerability Exposure (CVE) ID: CVE-2022-24883
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0383
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0383)
Resumen:	The remote host is missing an update for the 'freerdp' package(s) announced via the MGASA-2022-0383 advisory.
Descripción:	Summary: The remote host is missing an update for the 'freerdp' package(s) announced via the MGASA-2022-0383 advisory. Vulnerability Insight: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. (CVE-2022-24882) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a 'SAM' file might be successful for invalid credentials if the server has configured an invalid 'SAM' file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a 'SAM' file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via 'HashCallback' and/or ensure the 'SAM' database path configured is valid and the application has file handles left. (CVE-2022-24883) Affected Software/OS: 'freerdp' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-24882 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOYKBQOHSRM7JQYUIYUWFOXI2JZ2J5RD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZWR6KSIKXO4B2TXBB3WH6YTNYHN46OY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL/ https://security.gentoo.org/glsa/202210-24 https://github.com/FreeRDP/FreeRDP/pull/7750 https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0 https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95 Common Vulnerability Exposure (CVE) ID: CVE-2022-24883 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144 https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html
Copyright	Copyright (C) 2022 Greenbone AG