RDP Client 'FreeRDP' And 'rdesktop' Multiple Security Vulnerabilities
BID:106938
CVE-2018-20174 | CVE-2018-20175 | CVE-2018-20176 | CVE-2018-20177 | CVE-2018-20178 | CVE-2018-20179 | CVE-2018-20180 | CVE-2018-20181 | CVE-2018-20182 | CVE-2018-8784 | CVE-2018-8785 | CVE-2018-8786 | CVE-2018-8787 | CVE-2018-8788 | CVE-2018-8789 | CVE-2018-8791 | CVE-2018-8792 | CVE-2018-8793 | CVE-2018-8794 | CVE-2018-8795 | CVE-2018-8796 | CVE-2018-8797 | CVE-2018-8798 | CVE-2018-8799 | CVE-2018-8800 |Info
RDP Client 'FreeRDP' And 'rdesktop' Multiple Security Vulnerabilities
| Bugtraq ID: | 106938 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 05 2019 12:00AM |
| Updated: | Apr 19 2019 10:00AM |
| Credit: | Eyal Itkin |
| Vulnerable: |
rdesktop rdesktop 1.8.3 rdesktop rdesktop 1.8 rdesktop rdesktop 1.7.1 rdesktop rdesktop 1.7 rdesktop rdesktop 1.6.9 rdesktop rdesktop 1.6 rdesktop rdesktop 1.5 rdesktop rdesktop 1.4.1 rdesktop rdesktop 1.4 rdesktop rdesktop 1.3.1 rdesktop rdesktop 1.3 rdesktop rdesktop 1.2 Oracle Linux 7 FreeRDP FreeRDP 2.0 FreeRDP FreeRDP 1.1 FreeRDP FreeRDP 2.0.0-rc4 FreeRDP FreeRDP 2.0.0-rc3 FreeRDP FreeRDP 2.0.0-rc2 FreeRDP FreeRDP 2.0.0-rc1 FreeRDP FreeRDP 1.1.0-beta1 FreeRDP FreeRDP 1.0.2 |
| Not Vulnerable: | |
Discussion
RDP Client 'FreeRDP' And 'rdesktop' Multiple Security Vulnerabilities
RDP Client is prone to the following vulnerabilities:
1. Multiple information-disclosure vulnerabilities.
2. Multiple integer-underflow vulnerabilities.
3. Multiple denial of service vulnerabilities.
4. Multiple heap-based buffer-overflow vulnerabilities.
5. Multiple integer-overflow vulnerabilities.
6. Multiple buffer-overflow vulnerabilities.
An attacker may leverage these issues to execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions or gain access to sensitive information that may aid in further attacks.
The following versions of RDP Client are vulnerable:
rdesktop version 1.8.3 and prior are vulnerable.
FreeRDP version 2.0.0-rc4 and prior are vulnerable.
RDP Client is prone to the following vulnerabilities:
1. Multiple information-disclosure vulnerabilities.
2. Multiple integer-underflow vulnerabilities.
3. Multiple denial of service vulnerabilities.
4. Multiple heap-based buffer-overflow vulnerabilities.
5. Multiple integer-overflow vulnerabilities.
6. Multiple buffer-overflow vulnerabilities.
An attacker may leverage these issues to execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions or gain access to sensitive information that may aid in further attacks.
The following versions of RDP Client are vulnerable:
rdesktop version 1.8.3 and prior are vulnerable.
FreeRDP version 2.0.0-rc4 and prior are vulnerable.
Exploit / POC
RDP Client 'FreeRDP' And 'rdesktop' Multiple Security Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
RDP Client 'FreeRDP' And 'rdesktop' Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
RDP Client 'FreeRDP' And 'rdesktop' Multiple Security Vulnerabilities
References:
References:
- FreeRDP Github Repository (Github)
- FreeRDP Homepage (FreeRDP)
- FreeRDP Releases (Github)
- Malicious RDP server security fixes (Github)
- rdesktop Github Repository (Github)
- rdesktop Home Page (rdesktop)
- rdesktop Releases (Github)
- CVE-2018-20174 rdesktop: Information leak in ui_clip_handle_data (Redhat)
- CVE-2018-20175 rdesktop: Denial of Service in mcs_recv_connect_response and mcs_ (Redhat)
- CVE-2018-20176 rdesktop: Denial of Service in sec_parse_crypt_info and sec_recv (Redhat)
- CVE-2018-20177 rdesktop: Memory corruption in rdp_in_unistr (Redhat)
- CVE-2018-20178 rdesktop: Denial of Service in process_demand_active (Redhat)
- CVE-2018-20179 rdesktop: Remote code execution in lspci_process (Redhat)
- CVE-2018-20180 rdesktop: Remote code execution in rdpsnddbg_process (Redhat)
- CVE-2018-20181 rdesktop: Remote code execution in seamless_process (Redhat)
- CVE-2018-20182 rdesktop: Remote code execution in seamless_process_line (Redhat)
- CVE-2018-8784 freerdp: Heap-based buffer overflow in zgfx_decompress_segment() f (Redhat)
- CVE-2018-8785 freerdp: Heap-based buffer overflow in zgfx_decompress() function (Redhat)
- CVE-2018-8786 freerdp: Integer truncation leading to heap-based buffer overflow (Redhat)
- CVE-2018-8787 freerdp: Integer overflow leading to heap-based buffer overflow in (Redhat)
- CVE-2018-8788 freerdp: Out-of-bounds write in nsc_rle_decode() function (Redhat)
- CVE-2018-8789 freerdp: Several out-of-bounds reads in NTLM authentication module (Redhat)
- CVE-2018-8791 rdesktop: Minor information leak in rdpdr_process (Redhat)
- CVE-2018-8792 rdesktop: Denial of Service in cssp_read_tsrequest (Redhat)
- CVE-2018-8793 rdesktop: Remote code execution in cssp_read_tsrequest (Redhat)
- CVE-2018-8794 rdesktop: Memory corruption in process_bitmap_data (Redhat)
- CVE-2018-8795 rdesktop: Remote code execution in process_bitmap_data (Redhat)
- CVE-2018-8796 rdesktop: Denial of Service in process_bitmap_data (Redhat)
- CVE-2018-8797 rdesktop: Remote code execution in process_plane (Redhat)
- CVE-2018-8798 rdesktop: Minor information leak in rdpsnd_process_ping (Redhat)
- CVE-2018-8799 rdesktop: Denial of Service in process_secondary_order (Redhat)
- CVE-2018-8800 rdesktop: Remote code execution in ui_clip_handle_data (Redhat)
- Oracle Linux Bulletin - April 2019 (Oracle)
- Red Hat Bugzilla �?? Bug 1670384 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670392 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670393 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670400 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670401 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670403 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670404 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670406 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670408 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670409 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670410 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670412 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670413 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670416 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670417 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670422 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670423 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670424 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670425 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1671356 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1671358 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1671359 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1671361 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1671363 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1671367 (Red Hat Bugzilla)
- Reverse RDP Attack: Code Execution on RDP Clients (Check Point)