English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.892356
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DLA-2356-1)
Summary:The remote host is missing an update for the Debian 'freerdp' package(s) announced via the DLA-2356-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'freerdp' package(s) announced via the DLA-2356-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been reported against FreeRDP, an Open Source server and client implementation of the Microsoft RDP protocol.

CVE-2014-0791

An integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP allowed remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.

CVE-2020-11042

In FreeRDP there was an out-of-bounds read in update_read_icon_info. It allowed reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This could have been used to crash the client or store information for later retrieval.

CVE-2020-11045

In FreeRDP there was an out-of-bound read in update_read_bitmap_data that allowed client memory to be read to an image buffer. The result displayed on screen as colour.

CVE-2020-11046

In FreeRDP there was a stream out-of-bounds seek in update_read_synchronize that could have lead to a later out-of-bounds read.

CVE-2020-11048

In FreeRDP there was an out-of-bounds read. It only allowed to abort a session. No data extraction was possible.

CVE-2020-11058

In FreeRDP, a stream out-of-bounds seek in rdp_read_font_capability_set could have lead to a later out-of-bounds read. As a result, a manipulated client or server might have forced a disconnect due to an invalid data read.

CVE-2020-11521

libfreerdp/codec/planar.c in FreeRDP had an Out-of-bounds Write.

CVE-2020-11522

libfreerdp/gdi/gdi.c in FreeRDP had an Out-of-bounds Read.

CVE-2020-11523

libfreerdp/gdi/region.c in FreeRDP had an Integer Overflow.

CVE-2020-11525

libfreerdp/cache/bitmap.c in FreeRDP had an Out of bounds read.

CVE-2020-11526

libfreerdp/core/update.c in FreeRDP had an Out-of-bounds Read.

CVE-2020-13396

An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.

CVE-2020-13397

An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

CVE-2020-13398

An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

For Debian 9 stretch, these problems have been fixed in version 1.1.0~
git20140921.1.440916e+dfsg1-13+deb9u4.

We recommend that you upgrade your freerdp packages.

For the detailed security status of freerdp please refer to its security tracker page at: [link moved to references]

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]

Affected Software/OS:
'freerdp' package(s) on Debian 9.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0791
http://www.mandriva.com/security/advisories?name=MDVSA-2015:171
https://bugzilla.redhat.com/show_bug.cgi?id=998941
https://github.com/FreeRDP/FreeRDP/pull/1649
https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e
https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html
http://openwall.com/lists/oss-security/2014/01/02/5
http://openwall.com/lists/oss-security/2014/01/03/4
SuSE Security Announcement: openSUSE-SU-2014:0862 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html
SuSE Security Announcement: openSUSE-SU-2016:2400 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html
SuSE Security Announcement: openSUSE-SU-2016:2402 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-11042
https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
https://github.com/FreeRDP/FreeRDP/issues/6010
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
https://usn.ubuntu.com/4379-1/
https://usn.ubuntu.com/4382-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-11045
https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
https://github.com/FreeRDP/FreeRDP/issues/6005
Common Vulnerability Exposure (CVE) ID: CVE-2020-11046
https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
https://github.com/FreeRDP/FreeRDP/issues/6006
Common Vulnerability Exposure (CVE) ID: CVE-2020-11048
https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
https://github.com/FreeRDP/FreeRDP/issues/6007
Common Vulnerability Exposure (CVE) ID: CVE-2020-11058
https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
https://github.com/FreeRDP/FreeRDP/issues/6011
Common Vulnerability Exposure (CVE) ID: CVE-2020-11521
https://github.com/FreeRDP/FreeRDP/commits/master
SuSE Security Announcement: openSUSE-SU-2020:1090 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-11522
Common Vulnerability Exposure (CVE) ID: CVE-2020-11523
Common Vulnerability Exposure (CVE) ID: CVE-2020-11525
Common Vulnerability Exposure (CVE) ID: CVE-2020-11526
Common Vulnerability Exposure (CVE) ID: CVE-2020-13396
https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69
https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1
Common Vulnerability Exposure (CVE) ID: CVE-2020-13397
https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
Common Vulnerability Exposure (CVE) ID: CVE-2020-13398
https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
CopyrightCopyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.