Vulnerabilities > CVE-2020-13398 - Out-of-bounds Write vulnerability in multiple products

CVSS 8.3 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

LOW

network

low complexity

nessus

NVD

Published: 2020-05-22

Updated: 2023-10-24

Summary

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

Vulnerable Configurations

Part	Description	Count
Application	Freerdp Freerdp Freerdp - Freerdp Freerdp 1.0.0 Freerdp Freerdp 1.0.1 Freerdp Freerdp 1.0.2 Freerdp Freerdp 1.1.0 Freerdp Freerdp 1.2.0 Freerdp Freerdp 2.0.0 Freerdp Freerdp 2.1.0	25
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0	2
OS	Opensuse Opensuse Leap 15.1	1
OS	Canonical Canonical Ubuntu Linux 19.10 Canonical Ubuntu Linux 20.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2020-2406.NASL
description	The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2406 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-11
modified	2020-06-05
plugin id	137152
published	2020-06-05
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137152
title	CentOS 6 : freerdp (CESA-2020:2406)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2406 and # CentOS Errata and Security Advisory 2020:2406 respectively. # include("compat.inc"); if (description) { script_id(137152); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/10"); script_cve_id("CVE-2020-13398"); script_xref(name:"RHSA", value:"2020:2406"); script_name(english:"CentOS 6 : freerdp (CESA-2020:2406)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2406 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." ); # https://lists.centos.org/pipermail/centos-announce/2020-June/035749.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ac7f32f6" ); script_set_attribute( attribute:"solution", value:"Update the affected freerdp packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13398"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp-plugins"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"freerdp-1.0.2-7.el6_10")) flag++; if (rpm_check(release:"CentOS-6", reference:"freerdp-devel-1.0.2-7.el6_10")) flag++; if (rpm_check(release:"CentOS-6", reference:"freerdp-libs-1.0.2-7.el6_10")) flag++; if (rpm_check(release:"CentOS-6", reference:"freerdp-plugins-1.0.2-7.el6_10")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freerdp / freerdp-devel / freerdp-libs / freerdp-plugins"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2415.NASL
description	The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2415 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-12
modified	2020-06-08
plugin id	137237
published	2020-06-08
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137237
title	RHEL 8 : freerdp (RHSA-2020:2415)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2415. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(137237); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/10"); script_cve_id("CVE-2020-13398"); script_xref(name:"RHSA", value:"2020:2415"); script_name(english:"RHEL 8 : freerdp (RHSA-2020:2415)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing a security update."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2415 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/805.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2415"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-13398"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1841199"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13398"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(122, 787, 805); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_eus:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_eus:8.1::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_eus:8.1::crb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8\.1([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'freerdp-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-debugsource / freerdp-devel / etc'); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2020-2405.NASL
description	From Red Hat Security Advisory 2020:2405 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2405 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-11
modified	2020-06-08
plugin id	137222
published	2020-06-08
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137222
title	Oracle Linux 7 : freerdp (ELSA-2020-2405)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2405 and # Oracle Linux Security Advisory ELSA-2020-2405 respectively. # include("compat.inc"); if (description) { script_id(137222); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/10"); script_cve_id("CVE-2020-13398"); script_xref(name:"RHSA", value:"2020:2405"); script_name(english:"Oracle Linux 7 : freerdp (ELSA-2020-2405)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2020:2405 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2405 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2020-June/010004.html" ); script_set_attribute( attribute:"solution", value:"Update the affected freerdp packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwinpr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwinpr-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"freerdp-2.0.0-4.rc4.el7_8.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"freerdp-devel-2.0.0-4.rc4.el7_8.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"freerdp-libs-2.0.0-4.rc4.el7_8.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libwinpr-2.0.0-4.rc4.el7_8.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libwinpr-devel-2.0.0-4.rc4.el7_8.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freerdp / freerdp-devel / freerdp-libs / libwinpr / libwinpr-devel"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2406.NASL
description	The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2406 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-10
modified	2020-06-05
plugin id	137138
published	2020-06-05
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137138
title	RHEL 6 : freerdp (RHSA-2020:2406)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2406. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(137138); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/08"); script_cve_id("CVE-2020-13398"); script_xref(name:"RHSA", value:"2020:2406"); script_name(english:"RHEL 6 : freerdp (RHSA-2020:2406)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing a security update."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2406 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/805.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2406"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-13398"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1841199"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13398"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(122, 787, 805); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::client"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::workstation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-plugins"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'freerdp-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6'}, {'reference':'freerdp-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6'}, {'reference':'freerdp-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6'}, {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6'}, {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'s390', 'release':'6'}, {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6'}, {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6'}, {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6'}, {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'s390', 'release':'6'}, {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6'}, {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6'}, {'reference':'freerdp-plugins-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6'}, {'reference':'freerdp-plugins-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6'}, {'reference':'freerdp-plugins-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-devel / freerdp-libs / etc'); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2407.NASL
description	The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2407 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-10
modified	2020-06-05
plugin id	137140
published	2020-06-05
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137140
title	RHEL 8 : freerdp (RHSA-2020:2407)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2407. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(137140); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/08"); script_cve_id("CVE-2020-13398"); script_xref(name:"RHSA", value:"2020:2407"); script_name(english:"RHEL 8 : freerdp (RHSA-2020:2407)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing a security update."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2407 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/805.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2407"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-13398"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1841199"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13398"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(122, 787, 805); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::crb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'}, {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'}, {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'}, {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-debugsource / freerdp-devel / etc'); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4379-1.NASL
description	It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-06
modified	2020-06-02
plugin id	137045
published	2020-06-02
reporter	Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137045
title	Ubuntu 18.04 LTS / 19.10 / 20.04 : freerdp2 vulnerabilities (USN-4379-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4379-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(137045); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05"); script_cve_id("CVE-2018-1000852", "CVE-2019-17177", "CVE-2020-11042", "CVE-2020-11044", "CVE-2020-11045", "CVE-2020-11046", "CVE-2020-11047", "CVE-2020-11048", "CVE-2020-11049", "CVE-2020-11058", "CVE-2020-11521", "CVE-2020-11522", "CVE-2020-11523", "CVE-2020-11524", "CVE-2020-11525", "CVE-2020-11526", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-13398"); script_xref(name:"USN", value:"4379-1"); script_name(english:"Ubuntu 18.04 LTS / 19.10 / 20.04 : freerdp2 vulnerabilities (USN-4379-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4379-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected libfreerdp-client2-2, libfreerdp-server2-2 and / or libfreerdp2-2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-client2-2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-server2-2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp2-2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(18\.04\|19\.10\|20\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.10 / 20.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"18.04", pkgname:"libfreerdp-client2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.18.04.1")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libfreerdp-server2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.18.04.1")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libfreerdp2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.18.04.1")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"libfreerdp-client2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.19.10.1")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"libfreerdp-server2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.19.10.1")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"libfreerdp2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.19.10.1")) flag++; if (ubuntu_check(osver:"20.04", pkgname:"libfreerdp-client2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.20.04.1")) flag++; if (ubuntu_check(osver:"20.04", pkgname:"libfreerdp-server2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.20.04.1")) flag++; if (ubuntu_check(osver:"20.04", pkgname:"libfreerdp2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.20.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libfreerdp-client2-2 / libfreerdp-server2-2 / libfreerdp2-2"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2405.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2405 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-10
modified	2020-06-05
plugin id	137186
published	2020-06-05
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137186
title	RHEL 7 : freerdp (RHSA-2020:2405)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2405. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(137186); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/08"); script_cve_id("CVE-2020-13398"); script_xref(name:"RHSA", value:"2020:2405"); script_name(english:"RHEL 7 : freerdp (RHSA-2020:2405)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing a security update."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2405 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/805.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2405"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-13398"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1841199"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13398"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(122, 787, 805); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::client"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::workstation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'freerdp-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7'}, {'reference':'freerdp-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7'}, {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7'}, {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7'}, {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7'}, {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7'}, {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7'}, {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7'}, {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7'}, {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7'}, {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7'}, {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7'}, {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7'}, {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7'}, {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7'}, {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7'}, {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7'}, {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-devel / freerdp-libs / etc'); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4382-1.NASL
description	It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-10
modified	2020-06-05
plugin id	137178
published	2020-06-05
reporter	Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137178
title	Ubuntu 16.04 LTS : freerdp vulnerabilities (USN-4382-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4382-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(137178); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09"); script_cve_id("CVE-2020-11042", "CVE-2020-11045", "CVE-2020-11046", "CVE-2020-11048", "CVE-2020-11049", "CVE-2020-11058", "CVE-2020-11521", "CVE-2020-11522", "CVE-2020-11523", "CVE-2020-11525", "CVE-2020-11526", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-13398"); script_xref(name:"USN", value:"4382-1"); script_name(english:"Ubuntu 16.04 LTS : freerdp vulnerabilities (USN-4382-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4382-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected libfreerdp-client1.1, libfreerdp-common1.1.0 and / or libfreerdp-core1.1 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-client1.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-common1.1.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-core1.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"libfreerdp-client1.1", pkgver:"1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libfreerdp-common1.1.0", pkgver:"1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libfreerdp-core1.1", pkgver:"1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libfreerdp-client1.1 / libfreerdp-common1.1.0 / libfreerdp-core1.1"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2020-2406.NASL
description	From Red Hat Security Advisory 2020:2406 : The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2406 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-11
modified	2020-06-08
plugin id	137223
published	2020-06-08
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137223
title	Oracle Linux 6 : freerdp (ELSA-2020-2406)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2020-2407.NASL
description	From Red Hat Security Advisory 2020:2407 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2407 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-11
modified	2020-06-08
plugin id	137224
published	2020-06-08
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137224
title	Oracle Linux 8 : freerdp (ELSA-2020-2407)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2417.NASL
description	The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2417 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-12
modified	2020-06-08
plugin id	137240
published	2020-06-08
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137240
title	RHEL 8 : freerdp (RHSA-2020:2417)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20200609_FREERDP_ON_SL6_X.NASL
description	Security Fix(es) : - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)
last seen	2020-06-13
modified	2020-06-10
plugin id	137292
published	2020-06-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137292
title	Scientific Linux Security Update : freerdp on SL6.x i386/x86_64 (20200609)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20200609_FREERDP_ON_SL7_X.NASL
description	Security Fix(es) : - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)
last seen	2020-06-13
modified	2020-06-10
plugin id	137293
published	2020-06-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137293
title	Scientific Linux Security Update : freerdp on SL7.x x86_64 (20200609)

Redhat

advisories

bugzilla

id	1841199
title	CVE-2020-13398 freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment libwinpr-devel is earlier than 0:2.0.0-4.rc4.el7_8.1
oval oval:com.redhat.rhsa:tst:20202405001
comment libwinpr-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192157010

AND

comment freerdp-devel is earlier than 0:2.0.0-4.rc4.el7_8.1
oval oval:com.redhat.rhsa:tst:20202405003
comment freerdp-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190697002

AND
comment libwinpr is earlier than 0:2.0.0-4.rc4.el7_8.1
oval oval:com.redhat.rhsa:tst:20202405005
comment libwinpr is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192157004

AND

comment freerdp-libs is earlier than 0:2.0.0-4.rc4.el7_8.1
oval oval:com.redhat.rhsa:tst:20202405007
comment freerdp-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190697008

AND
comment freerdp is earlier than 0:2.0.0-4.rc4.el7_8.1
oval oval:com.redhat.rhsa:tst:20202405009
comment freerdp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190697004

rhsa

id	RHSA-2020:2405
released	2020-06-05
severity	Important
title	RHSA-2020:2405: freerdp security update (Important)

bugzilla

id	1841199
title	CVE-2020-13398 freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment freerdp-plugins is earlier than 0:1.0.2-7.el6_10
oval oval:com.redhat.rhsa:tst:20202406001
comment freerdp-plugins is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190697006

AND
comment freerdp-libs is earlier than 0:1.0.2-7.el6_10
oval oval:com.redhat.rhsa:tst:20202406003
comment freerdp-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190697008
AND
comment freerdp is earlier than 0:1.0.2-7.el6_10
oval oval:com.redhat.rhsa:tst:20202406005
comment freerdp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190697004
AND
comment freerdp-devel is earlier than 0:1.0.2-7.el6_10
oval oval:com.redhat.rhsa:tst:20202406007
comment freerdp-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190697002

rhsa

id	RHSA-2020:2406
released	2020-06-04
severity	Important
title	RHSA-2020:2406: freerdp security update (Important)

bugzilla

id	1841199
title	CVE-2020-13398 freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND

comment freerdp-debugsource is earlier than 2:2.0.0-46.rc4.el8_2.2
oval oval:com.redhat.rhsa:tst:20202407001
comment freerdp-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20202336002

AND

comment libwinpr-devel is earlier than 2:2.0.0-46.rc4.el8_2.2
oval oval:com.redhat.rhsa:tst:20202407003
comment libwinpr-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192157010

AND
comment libwinpr is earlier than 2:2.0.0-46.rc4.el8_2.2
oval oval:com.redhat.rhsa:tst:20202407005
comment libwinpr is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192157004

AND

comment freerdp-libs is earlier than 2:2.0.0-46.rc4.el8_2.2
oval oval:com.redhat.rhsa:tst:20202407007
comment freerdp-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190697008

AND
comment freerdp is earlier than 2:2.0.0-46.rc4.el8_2.2
oval oval:com.redhat.rhsa:tst:20202407009
comment freerdp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190697004

AND

comment freerdp-devel is earlier than 2:2.0.0-46.rc4.el8_2.2
oval oval:com.redhat.rhsa:tst:20202407011
comment freerdp-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190697002

rhsa

id	RHSA-2020:2407
released	2020-06-04
severity	Important
title	RHSA-2020:2407: freerdp security update (Important)

rpms

freerdp-0:2.0.0-4.rc4.el7_8.1
freerdp-debuginfo-0:2.0.0-4.rc4.el7_8.1
freerdp-devel-0:2.0.0-4.rc4.el7_8.1
freerdp-libs-0:2.0.0-4.rc4.el7_8.1
libwinpr-0:2.0.0-4.rc4.el7_8.1
libwinpr-devel-0:2.0.0-4.rc4.el7_8.1
freerdp-0:1.0.2-7.el6_10
freerdp-debuginfo-0:1.0.2-7.el6_10
freerdp-devel-0:1.0.2-7.el6_10
freerdp-libs-0:1.0.2-7.el6_10
freerdp-plugins-0:1.0.2-7.el6_10
freerdp-2:2.0.0-46.rc4.el8_2.2
freerdp-debuginfo-2:2.0.0-46.rc4.el8_2.2
freerdp-debugsource-2:2.0.0-46.rc4.el8_2.2
freerdp-devel-2:2.0.0-46.rc4.el8_2.2
freerdp-libs-2:2.0.0-46.rc4.el8_2.2
freerdp-libs-debuginfo-2:2.0.0-46.rc4.el8_2.2
libwinpr-2:2.0.0-46.rc4.el8_2.2
libwinpr-debuginfo-2:2.0.0-46.rc4.el8_2.2
libwinpr-devel-2:2.0.0-46.rc4.el8_2.2
freerdp-2:2.0.0-46.rc4.el8_1.2
freerdp-debuginfo-2:2.0.0-46.rc4.el8_1.2
freerdp-debugsource-2:2.0.0-46.rc4.el8_1.2
freerdp-devel-2:2.0.0-46.rc4.el8_1.2
freerdp-libs-2:2.0.0-46.rc4.el8_1.2
freerdp-libs-debuginfo-2:2.0.0-46.rc4.el8_1.2
libwinpr-2:2.0.0-46.rc4.el8_1.2
libwinpr-debuginfo-2:2.0.0-46.rc4.el8_1.2
libwinpr-devel-2:2.0.0-46.rc4.el8_1.2
freerdp-2:2.0.0-46.rc4.el8_0.2
freerdp-debuginfo-2:2.0.0-46.rc4.el8_0.2
freerdp-debugsource-2:2.0.0-46.rc4.el8_0.2
freerdp-libs-2:2.0.0-46.rc4.el8_0.2
freerdp-libs-debuginfo-2:2.0.0-46.rc4.el8_0.2
libwinpr-2:2.0.0-46.rc4.el8_0.2
libwinpr-debuginfo-2:2.0.0-46.rc4.el8_0.2
libwinpr-devel-2:2.0.0-46.rc4.el8_0.2

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References