Vulnerabilities > CVE-2020-13398 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 8.3 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
LOW
network
low complexity
freerdp
debian
opensuse
canonical
CWE-787
nessus

Summary

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-2406.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2406 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-11
    modified2020-06-05
    plugin id137152
    published2020-06-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137152
    titleCentOS 6 : freerdp (CESA-2020:2406)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:2406 and 
    # CentOS Errata and Security Advisory 2020:2406 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137152);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/10");
    
      script_cve_id("CVE-2020-13398");
      script_xref(name:"RHSA", value:"2020:2406");
    
      script_name(english:"CentOS 6 : freerdp (CESA-2020:2406)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:2406 advisory.
    
      - freerdp: Out-of-bounds write in crypto_rsa_common in
        libfreerdp/crypto/crypto.c (CVE-2020-13398)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number."
      );
      # https://lists.centos.org/pipermail/centos-announce/2020-June/035749.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ac7f32f6"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected freerdp packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13398");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freerdp-plugins");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"freerdp-1.0.2-7.el6_10")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freerdp-devel-1.0.2-7.el6_10")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freerdp-libs-1.0.2-7.el6_10")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freerdp-plugins-1.0.2-7.el6_10")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freerdp / freerdp-devel / freerdp-libs / freerdp-plugins");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2415.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2415 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-12
    modified2020-06-08
    plugin id137237
    published2020-06-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137237
    titleRHEL 8 : freerdp (RHSA-2020:2415)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2415. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(137237);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/10");
    
      script_cve_id("CVE-2020-13398");
      script_xref(name:"RHSA", value:"2020:2415");
    
      script_name(english:"RHEL 8 : freerdp (RHSA-2020:2415)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:2415 advisory.
    
      - freerdp: Out-of-bounds write in crypto_rsa_common in
        libfreerdp/crypto/crypto.c (CVE-2020-13398)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/805.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2415");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-13398");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1841199");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13398");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(122, 787, 805);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_eus:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_eus:8.1::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_eus:8.1::crb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^8\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'freerdp-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'freerdp-libs-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'libwinpr-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
        {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-debugsource / freerdp-devel / etc');
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-2405.NASL
    descriptionFrom Red Hat Security Advisory 2020:2405 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2405 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-11
    modified2020-06-08
    plugin id137222
    published2020-06-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137222
    titleOracle Linux 7 : freerdp (ELSA-2020-2405)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2405 and 
    # Oracle Linux Security Advisory ELSA-2020-2405 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137222);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/10");
    
      script_cve_id("CVE-2020-13398");
      script_xref(name:"RHSA", value:"2020:2405");
    
      script_name(english:"Oracle Linux 7 : freerdp (ELSA-2020-2405)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2020:2405 :
    
    The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:2405 advisory.
    
      - freerdp: Out-of-bounds write in crypto_rsa_common in
        libfreerdp/crypto/crypto.c (CVE-2020-13398)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2020-June/010004.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected freerdp packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freerdp-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwinpr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwinpr-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"freerdp-2.0.0-4.rc4.el7_8.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"freerdp-devel-2.0.0-4.rc4.el7_8.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"freerdp-libs-2.0.0-4.rc4.el7_8.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libwinpr-2.0.0-4.rc4.el7_8.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libwinpr-devel-2.0.0-4.rc4.el7_8.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freerdp / freerdp-devel / freerdp-libs / libwinpr / libwinpr-devel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2406.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2406 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-10
    modified2020-06-05
    plugin id137138
    published2020-06-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137138
    titleRHEL 6 : freerdp (RHSA-2020:2406)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2406. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(137138);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/08");
    
      script_cve_id("CVE-2020-13398");
      script_xref(name:"RHSA", value:"2020:2406");
    
      script_name(english:"RHEL 6 : freerdp (RHSA-2020:2406)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:2406 advisory.
    
      - freerdp: Out-of-bounds write in crypto_rsa_common in
        libfreerdp/crypto/crypto.c (CVE-2020-13398)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/805.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2406");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-13398");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1841199");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13398");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(122, 787, 805);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::client");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::workstation");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-plugins");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'freerdp-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6'},
        {'reference':'freerdp-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6'},
        {'reference':'freerdp-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6'},
        {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6'},
        {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'s390', 'release':'6'},
        {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6'},
        {'reference':'freerdp-devel-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6'},
        {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6'},
        {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'s390', 'release':'6'},
        {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6'},
        {'reference':'freerdp-libs-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6'},
        {'reference':'freerdp-plugins-1.0.2-7.el6_10', 'cpu':'i686', 'release':'6'},
        {'reference':'freerdp-plugins-1.0.2-7.el6_10', 'cpu':'s390x', 'release':'6'},
        {'reference':'freerdp-plugins-1.0.2-7.el6_10', 'cpu':'x86_64', 'release':'6'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-devel / freerdp-libs / etc');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2407.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2407 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-10
    modified2020-06-05
    plugin id137140
    published2020-06-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137140
    titleRHEL 8 : freerdp (RHSA-2020:2407)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2407. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(137140);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/08");
    
      script_cve_id("CVE-2020-13398");
      script_xref(name:"RHSA", value:"2020:2407");
    
      script_name(english:"RHEL 8 : freerdp (RHSA-2020:2407)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:2407 advisory.
    
      - freerdp: Out-of-bounds write in crypto_rsa_common in
        libfreerdp/crypto/crypto.c (CVE-2020-13398)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/805.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2407");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-13398");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1841199");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13398");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(122, 787, 805);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::crb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-debugsource-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'},
        {'reference':'freerdp-libs-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},
        {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},
        {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'epoch':'2'},
        {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'},
        {'reference':'libwinpr-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},
        {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},
        {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'i686', 'release':'8', 'epoch':'2'},
        {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'s390x', 'release':'8', 'epoch':'2'},
        {'reference':'libwinpr-devel-2.0.0-46.rc4.el8_2.2', 'cpu':'x86_64', 'release':'8', 'epoch':'2'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-debugsource / freerdp-devel / etc');
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4379-1.NASL
    descriptionIt was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-06
    modified2020-06-02
    plugin id137045
    published2020-06-02
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137045
    titleUbuntu 18.04 LTS / 19.10 / 20.04 : freerdp2 vulnerabilities (USN-4379-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4379-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137045);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05");
    
      script_cve_id("CVE-2018-1000852", "CVE-2019-17177", "CVE-2020-11042", "CVE-2020-11044", "CVE-2020-11045", "CVE-2020-11046", "CVE-2020-11047", "CVE-2020-11048", "CVE-2020-11049", "CVE-2020-11058", "CVE-2020-11521", "CVE-2020-11522", "CVE-2020-11523", "CVE-2020-11524", "CVE-2020-11525", "CVE-2020-11526", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-13398");
      script_xref(name:"USN", value:"4379-1");
    
      script_name(english:"Ubuntu 18.04 LTS / 19.10 / 20.04 : freerdp2 vulnerabilities (USN-4379-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was discovered that FreeRDP incorrectly handled certain memory
    operations. A remote attacker could use this issue to cause FreeRDP to
    crash, resulting in a denial of service, or possibly exeucte arbitrary
    code.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4379-1/"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Update the affected libfreerdp-client2-2, libfreerdp-server2-2 and /
    or libfreerdp2-2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-client2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-server2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp2-2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(18\.04|19\.10|20\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.10 / 20.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"18.04", pkgname:"libfreerdp-client2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libfreerdp-server2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libfreerdp2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"libfreerdp-client2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.19.10.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"libfreerdp-server2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.19.10.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"libfreerdp2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.19.10.1")) flag++;
    if (ubuntu_check(osver:"20.04", pkgname:"libfreerdp-client2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.20.04.1")) flag++;
    if (ubuntu_check(osver:"20.04", pkgname:"libfreerdp-server2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.20.04.1")) flag++;
    if (ubuntu_check(osver:"20.04", pkgname:"libfreerdp2-2", pkgver:"2.1.1+dfsg1-0ubuntu0.20.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libfreerdp-client2-2 / libfreerdp-server2-2 / libfreerdp2-2");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2405.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2405 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-10
    modified2020-06-05
    plugin id137186
    published2020-06-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137186
    titleRHEL 7 : freerdp (RHSA-2020:2405)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2405. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(137186);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/08");
    
      script_cve_id("CVE-2020-13398");
      script_xref(name:"RHSA", value:"2020:2405");
    
      script_name(english:"RHEL 7 : freerdp (RHSA-2020:2405)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:2405 advisory.
    
      - freerdp: Out-of-bounds write in crypto_rsa_common in
        libfreerdp/crypto/crypto.c (CVE-2020-13398)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/805.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2405");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-13398");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1841199");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13398");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(122, 787, 805);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::client");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::workstation");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freerdp-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwinpr-devel");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'freerdp-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7'},
        {'reference':'freerdp-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7'},
        {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7'},
        {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7'},
        {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7'},
        {'reference':'freerdp-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7'},
        {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7'},
        {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7'},
        {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7'},
        {'reference':'freerdp-libs-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7'},
        {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7'},
        {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7'},
        {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7'},
        {'reference':'libwinpr-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7'},
        {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'i686', 'release':'7'},
        {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390', 'release':'7'},
        {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'s390x', 'release':'7'},
        {'reference':'libwinpr-devel-2.0.0-4.rc4.el7_8.1', 'cpu':'x86_64', 'release':'7'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freerdp / freerdp-devel / freerdp-libs / etc');
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4382-1.NASL
    descriptionIt was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-10
    modified2020-06-05
    plugin id137178
    published2020-06-05
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137178
    titleUbuntu 16.04 LTS : freerdp vulnerabilities (USN-4382-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4382-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137178);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09");
    
      script_cve_id("CVE-2020-11042", "CVE-2020-11045", "CVE-2020-11046", "CVE-2020-11048", "CVE-2020-11049", "CVE-2020-11058", "CVE-2020-11521", "CVE-2020-11522", "CVE-2020-11523", "CVE-2020-11525", "CVE-2020-11526", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-13398");
      script_xref(name:"USN", value:"4382-1");
    
      script_name(english:"Ubuntu 16.04 LTS : freerdp vulnerabilities (USN-4382-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was discovered that FreeRDP incorrectly handled certain memory
    operations. A remote attacker could use this issue to cause FreeRDP to
    crash, resulting in a denial of service, or possibly execute arbitrary
    code.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4382-1/"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Update the affected libfreerdp-client1.1, libfreerdp-common1.1.0 and /
    or libfreerdp-core1.1 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-client1.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-common1.1.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreerdp-core1.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"libfreerdp-client1.1", pkgver:"1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libfreerdp-common1.1.0", pkgver:"1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libfreerdp-core1.1", pkgver:"1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libfreerdp-client1.1 / libfreerdp-common1.1.0 / libfreerdp-core1.1");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-2406.NASL
    descriptionFrom Red Hat Security Advisory 2020:2406 : The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2406 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-11
    modified2020-06-08
    plugin id137223
    published2020-06-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137223
    titleOracle Linux 6 : freerdp (ELSA-2020-2406)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-2407.NASL
    descriptionFrom Red Hat Security Advisory 2020:2407 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2407 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-11
    modified2020-06-08
    plugin id137224
    published2020-06-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137224
    titleOracle Linux 8 : freerdp (ELSA-2020-2407)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2417.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2417 advisory. - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-12
    modified2020-06-08
    plugin id137240
    published2020-06-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137240
    titleRHEL 8 : freerdp (RHSA-2020:2417)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200609_FREERDP_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)
    last seen2020-06-13
    modified2020-06-10
    plugin id137292
    published2020-06-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137292
    titleScientific Linux Security Update : freerdp on SL6.x i386/x86_64 (20200609)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200609_FREERDP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)
    last seen2020-06-13
    modified2020-06-10
    plugin id137293
    published2020-06-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137293
    titleScientific Linux Security Update : freerdp on SL7.x x86_64 (20200609)

Redhat

advisories
  • bugzilla
    id1841199
    titleCVE-2020-13398 freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentlibwinpr-devel is earlier than 0:2.0.0-4.rc4.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20202405001
          • commentlibwinpr-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20192157010
        • AND
          • commentfreerdp-devel is earlier than 0:2.0.0-4.rc4.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20202405003
          • commentfreerdp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190697002
        • AND
          • commentlibwinpr is earlier than 0:2.0.0-4.rc4.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20202405005
          • commentlibwinpr is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20192157004
        • AND
          • commentfreerdp-libs is earlier than 0:2.0.0-4.rc4.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20202405007
          • commentfreerdp-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190697008
        • AND
          • commentfreerdp is earlier than 0:2.0.0-4.rc4.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20202405009
          • commentfreerdp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190697004
    rhsa
    idRHSA-2020:2405
    released2020-06-05
    severityImportant
    titleRHSA-2020:2405: freerdp security update (Important)
  • bugzilla
    id1841199
    titleCVE-2020-13398 freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentfreerdp-plugins is earlier than 0:1.0.2-7.el6_10
            ovaloval:com.redhat.rhsa:tst:20202406001
          • commentfreerdp-plugins is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190697006
        • AND
          • commentfreerdp-libs is earlier than 0:1.0.2-7.el6_10
            ovaloval:com.redhat.rhsa:tst:20202406003
          • commentfreerdp-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190697008
        • AND
          • commentfreerdp is earlier than 0:1.0.2-7.el6_10
            ovaloval:com.redhat.rhsa:tst:20202406005
          • commentfreerdp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190697004
        • AND
          • commentfreerdp-devel is earlier than 0:1.0.2-7.el6_10
            ovaloval:com.redhat.rhsa:tst:20202406007
          • commentfreerdp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190697002
    rhsa
    idRHSA-2020:2406
    released2020-06-04
    severityImportant
    titleRHSA-2020:2406: freerdp security update (Important)
  • bugzilla
    id1841199
    titleCVE-2020-13398 freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentfreerdp-debugsource is earlier than 2:2.0.0-46.rc4.el8_2.2
            ovaloval:com.redhat.rhsa:tst:20202407001
          • commentfreerdp-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20202336002
        • AND
          • commentlibwinpr-devel is earlier than 2:2.0.0-46.rc4.el8_2.2
            ovaloval:com.redhat.rhsa:tst:20202407003
          • commentlibwinpr-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20192157010
        • AND
          • commentlibwinpr is earlier than 2:2.0.0-46.rc4.el8_2.2
            ovaloval:com.redhat.rhsa:tst:20202407005
          • commentlibwinpr is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20192157004
        • AND
          • commentfreerdp-libs is earlier than 2:2.0.0-46.rc4.el8_2.2
            ovaloval:com.redhat.rhsa:tst:20202407007
          • commentfreerdp-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190697008
        • AND
          • commentfreerdp is earlier than 2:2.0.0-46.rc4.el8_2.2
            ovaloval:com.redhat.rhsa:tst:20202407009
          • commentfreerdp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190697004
        • AND
          • commentfreerdp-devel is earlier than 2:2.0.0-46.rc4.el8_2.2
            ovaloval:com.redhat.rhsa:tst:20202407011
          • commentfreerdp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190697002
    rhsa
    idRHSA-2020:2407
    released2020-06-04
    severityImportant
    titleRHSA-2020:2407: freerdp security update (Important)
rpms
  • freerdp-0:2.0.0-4.rc4.el7_8.1
  • freerdp-debuginfo-0:2.0.0-4.rc4.el7_8.1
  • freerdp-devel-0:2.0.0-4.rc4.el7_8.1
  • freerdp-libs-0:2.0.0-4.rc4.el7_8.1
  • libwinpr-0:2.0.0-4.rc4.el7_8.1
  • libwinpr-devel-0:2.0.0-4.rc4.el7_8.1
  • freerdp-0:1.0.2-7.el6_10
  • freerdp-debuginfo-0:1.0.2-7.el6_10
  • freerdp-devel-0:1.0.2-7.el6_10
  • freerdp-libs-0:1.0.2-7.el6_10
  • freerdp-plugins-0:1.0.2-7.el6_10
  • freerdp-2:2.0.0-46.rc4.el8_2.2
  • freerdp-debuginfo-2:2.0.0-46.rc4.el8_2.2
  • freerdp-debugsource-2:2.0.0-46.rc4.el8_2.2
  • freerdp-devel-2:2.0.0-46.rc4.el8_2.2
  • freerdp-libs-2:2.0.0-46.rc4.el8_2.2
  • freerdp-libs-debuginfo-2:2.0.0-46.rc4.el8_2.2
  • libwinpr-2:2.0.0-46.rc4.el8_2.2
  • libwinpr-debuginfo-2:2.0.0-46.rc4.el8_2.2
  • libwinpr-devel-2:2.0.0-46.rc4.el8_2.2
  • freerdp-2:2.0.0-46.rc4.el8_1.2
  • freerdp-debuginfo-2:2.0.0-46.rc4.el8_1.2
  • freerdp-debugsource-2:2.0.0-46.rc4.el8_1.2
  • freerdp-devel-2:2.0.0-46.rc4.el8_1.2
  • freerdp-libs-2:2.0.0-46.rc4.el8_1.2
  • freerdp-libs-debuginfo-2:2.0.0-46.rc4.el8_1.2
  • libwinpr-2:2.0.0-46.rc4.el8_1.2
  • libwinpr-debuginfo-2:2.0.0-46.rc4.el8_1.2
  • libwinpr-devel-2:2.0.0-46.rc4.el8_1.2
  • freerdp-2:2.0.0-46.rc4.el8_0.2
  • freerdp-debuginfo-2:2.0.0-46.rc4.el8_0.2
  • freerdp-debugsource-2:2.0.0-46.rc4.el8_0.2
  • freerdp-libs-2:2.0.0-46.rc4.el8_0.2
  • freerdp-libs-debuginfo-2:2.0.0-46.rc4.el8_0.2
  • libwinpr-2:2.0.0-46.rc4.el8_0.2
  • libwinpr-debuginfo-2:2.0.0-46.rc4.el8_0.2
  • libwinpr-devel-2:2.0.0-46.rc4.el8_0.2