Vulnerabilities > CVE-2020-11521 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 16 | |
| OS | 4 | |
| OS | 1 | |
| OS | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2354.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2354 advisory. - freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) - freerdp: Integer overflow in region.c (CVE-2020-11523) - freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-12 modified 2020-06-03 plugin id 137059 published 2020-06-03 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137059 title RHEL 8 : freerdp (RHSA-2020:2354) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2354. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(137059); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/10"); script_cve_id("CVE-2020-11521", "CVE-2020-11523", "CVE-2020-11524"); script_xref(name:"RHSA", value:"2020:2354"); script_name(english:"RHEL 8 : freerdp (RHSA-2020:2354)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2354 advisory. - freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) - freerdp: Integer overflow in region.c (CVE-2020-11523) - freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/190.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2354"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-11521"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-11523"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-11524"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1836214"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1836226"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1836234"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11524"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(125, 190); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_eus:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_eus:8.1::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_eus:8.1::crb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'freerdp-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-debugsource / freerdp-devel / etc'); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202005-07.NASL description The remote host is affected by the vulnerability described in GLSA-202005-07 (FreeRDP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-12 modified 2020-05-15 plugin id 136637 published 2020-05-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136637 title GLSA-202005-07 : FreeRDP: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 202005-07. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(136637); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/11"); script_cve_id("CVE-2019-17177", "CVE-2020-11521", "CVE-2020-11522", "CVE-2020-11523", "CVE-2020-11524", "CVE-2020-11525", "CVE-2020-11526"); script_xref(name:"GLSA", value:"202005-07"); script_name(english:"GLSA-202005-07 : FreeRDP: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-202005-07 (FreeRDP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/202005-07" ); script_set_attribute( attribute:"solution", value: "All FreeRDP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/freerdp-2.1.0'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11522"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:freerdp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/04"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-misc/freerdp", unaffected:make_list("ge 2.1.0"), vulnerable:make_list("lt 2.1.0"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "FreeRDP"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-2334.NASL description Description of changes: [2.0.0-4.rc4] - CVE-2020-11521: Fix out-of-bounds write in planar.c (#1837621) - CVE-2020-11523: Fix integer overflow in region.c (#1837622) - CVE-2020-11524: Fix out-of-bounds write in interleaved.c (#1837623) last seen 2020-06-10 modified 2020-06-05 plugin id 137171 published 2020-06-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137171 title Oracle Linux 7 : freerdp (ELSA-2020-2334) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Oracle Linux Security Advisory ELSA-2020-2334. # include("compat.inc"); if (description) { script_id(137171); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09"); script_cve_id("CVE-2020-11521", "CVE-2020-11523", "CVE-2020-11524"); script_name(english:"Oracle Linux 7 : freerdp (ELSA-2020-2334)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Description of changes: [2.0.0-4.rc4] - CVE-2020-11521: Fix out-of-bounds write in planar.c (#1837621) - CVE-2020-11523: Fix integer overflow in region.c (#1837622) - CVE-2020-11524: Fix out-of-bounds write in interleaved.c (#1837623)" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2020-June/009996.html" ); script_set_attribute( attribute:"solution", value:"Update the affected freerdp packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwinpr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwinpr-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"freerdp-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"freerdp-devel-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"freerdp-libs-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libwinpr-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libwinpr-devel-2.0.0-4.rc4.el7_8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freerdp / freerdp-devel / freerdp-libs / libwinpr / libwinpr-devel"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-2334.NASL description The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2020:2334. last seen 2020-06-06 modified 2020-06-02 plugin id 137005 published 2020-06-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137005 title CentOS 7 : freerdp (CESA-2020:2334) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2334 and # CentOS Errata and Security Advisory 2020:2334 respectively. # include("compat.inc"); if (description) { script_id(137005); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05"); script_xref(name:"RHSA", value:"2020:2334"); script_name(english:"CentOS 7 : freerdp (CESA-2020:2334)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2020:2334." ); # https://lists.centos.org/pipermail/centos-announce/2020-June/035742.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?486ef3ad" ); script_set_attribute( attribute:"solution", value:"Update the affected freerdp packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11521"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libwinpr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libwinpr-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"freerdp-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"freerdp-devel-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"freerdp-libs-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libwinpr-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libwinpr-devel-2.0.0-4.rc4.el7_8")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freerdp / freerdp-devel / freerdp-libs / libwinpr / libwinpr-devel"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2335.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2335 advisory. - freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) - freerdp: Integer overflow in region.c (CVE-2020-11523) - freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-12 modified 2020-05-30 plugin id 136974 published 2020-05-30 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136974 title RHEL 8 : freerdp (RHSA-2020:2335) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2335. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136974); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/10"); script_cve_id("CVE-2020-11521", "CVE-2020-11523", "CVE-2020-11524"); script_xref(name:"RHSA", value:"2020:2335"); script_name(english:"RHEL 8 : freerdp (RHSA-2020:2335)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2335 advisory. - freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) - freerdp: Integer overflow in region.c (CVE-2020-11523) - freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/190.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2335"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-11521"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-11523"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-11524"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1836214"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1836226"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1836234"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11524"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(125, 190); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/30"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'freerdp-2.0.0-46.rc4.el8_0.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-2.0.0-46.rc4.el8_0.1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-2.0.0-46.rc4.el8_0.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_0.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_0.1', 'cpu':'i686', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_0.1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_0.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_0.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_0.1', 'cpu':'i686', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_0.1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_0.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_0.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_0.1', 'cpu':'i686', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_0.1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_0.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_0.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_0.1', 'cpu':'i686', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_0.1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_0.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-debugsource / freerdp-libs / etc'); }NASL family Scientific Linux Local Security Checks NASL id SL_20200528_FREERDP_ON_SL7_X.NASL description Security Fix(es) : - freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) - freerdp: Integer overflow in region.c (CVE-2020-11523) - freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524) last seen 2020-06-06 modified 2020-06-02 plugin id 137040 published 2020-06-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137040 title Scientific Linux Security Update : freerdp on SL7.x x86_64 (20200528) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(137040); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05"); script_cve_id("CVE-2020-11521", "CVE-2020-11523", "CVE-2020-11524"); script_name(english:"Scientific Linux Security Update : freerdp on SL7.x x86_64 (20200528)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) - freerdp: Integer overflow in region.c (CVE-2020-11523) - freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2006&L=SCIENTIFIC-LINUX-ERRATA&P=75 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cc05ae3b" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:freerdp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwinpr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwinpr-devel"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"freerdp-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"freerdp-debuginfo-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"freerdp-devel-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"freerdp-libs-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwinpr-2.0.0-4.rc4.el7_8")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwinpr-devel-2.0.0-4.rc4.el7_8")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freerdp / freerdp-debuginfo / freerdp-devel / freerdp-libs / etc"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-2336.NASL description From Red Hat Security Advisory 2020:2336 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2336 advisory. - freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) - freerdp: Integer overflow in region.c (CVE-2020-11523) - freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-11 modified 2020-06-08 plugin id 137218 published 2020-06-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137218 title Oracle Linux 8 : freerdp (ELSA-2020-2336) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2336 and # Oracle Linux Security Advisory ELSA-2020-2336 respectively. # include("compat.inc"); if (description) { script_id(137218); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/10"); script_cve_id("CVE-2020-11521", "CVE-2020-11523", "CVE-2020-11524"); script_xref(name:"RHSA", value:"2020:2336"); script_name(english:"Oracle Linux 8 : freerdp (ELSA-2020-2336)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2020:2336 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2336 advisory. - freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) - freerdp: Integer overflow in region.c (CVE-2020-11523) - freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2020-June/010005.html" ); script_set_attribute( attribute:"solution", value:"Update the affected freerdp packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwinpr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwinpr-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"freerdp-2.0.0-46.rc4.el8_2.1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"freerdp-devel-2.0.0-46.rc4.el8_2.1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"freerdp-libs-2.0.0-46.rc4.el8_2.1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"libwinpr-2.0.0-46.rc4.el8_2.1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"libwinpr-devel-2.0.0-46.rc4.el8_2.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freerdp / freerdp-devel / freerdp-libs / libwinpr / libwinpr-devel"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4379-1.NASL description It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-06 modified 2020-06-02 plugin id 137045 published 2020-06-02 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137045 title Ubuntu 18.04 LTS / 19.10 / 20.04 : freerdp2 vulnerabilities (USN-4379-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4379-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(137045); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05"); script_cve_id("CVE-2018-1000852", "CVE-2019-17177", "CVE-2020-11042", "CVE-2020-11044", "CVE-2020-11045", "CVE-2020-11046", "CVE-2020-11047", "CVE-2020-11048", "CVE-2020-11049", "CVE-2020-11058", "CVE-2020-11521", "CVE-2020-11522", "CVE-2020-11523", "CVE-2020-11524", "CVE-2020-11525", "CVE-2020-11526", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-13398"); script_xref(name:"USN", value:"4379-1"); script_name(english:"Ubuntu 18.04 LTS / 19.10 / 20.04 : freerdp2 vulnerabilities (USN-4379-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4379-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected libfreerdp-client2-2, libfreerdp-server2-2 and / or libfreerdp2-2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-client2-2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-server2-2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp2-2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(18\.04|19\.10|20\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.10 / 20.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"18.04", pkgname:"libfreerdp-client2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.18.04.1")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libfreerdp-server2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.18.04.1")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libfreerdp2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.18.04.1")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"libfreerdp-client2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.19.10.1")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"libfreerdp-server2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.19.10.1")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"libfreerdp2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.19.10.1")) flag++; if (ubuntu_check(osver:"20.04", pkgname:"libfreerdp-client2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.20.04.1")) flag++; if (ubuntu_check(osver:"20.04", pkgname:"libfreerdp-server2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.20.04.1")) flag++; if (ubuntu_check(osver:"20.04", pkgname:"libfreerdp2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.20.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libfreerdp-client2-2 / libfreerdp-server2-2 / libfreerdp2-2"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2336.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2336 advisory. - freerdp: Out-of-bounds write in planar.c (CVE-2020-11521) - freerdp: Integer overflow in region.c (CVE-2020-11523) - freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-12 modified 2020-05-30 plugin id 136975 published 2020-05-30 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136975 title RHEL 8 : freerdp (RHSA-2020:2336) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_669F3FE8A07A11EAB83EF0DEF1F5C5A2.NASL description The FreeRDP changelog reports 14 CVEs addressed after 2.0.0-rc4 last seen 2020-06-12 modified 2020-06-09 plugin id 137249 published 2020-06-09 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137249 title FreeBSD : FreeRDP -- multiple vulnerabilities (669f3fe8-a07a-11ea-b83e-f0def1f5c5a2) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4382-1.NASL description It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-10 modified 2020-06-05 plugin id 137178 published 2020-06-05 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137178 title Ubuntu 16.04 LTS : freerdp vulnerabilities (USN-4382-1)
Redhat
| rpms |
|
References
- https://github.com/FreeRDP/FreeRDP/commits/master
- https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
- https://usn.ubuntu.com/4379-1/
- https://usn.ubuntu.com/4382-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html