CVE-2018-1000852

NameCVE-2018-1000852
DescriptionFreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freerdp (PTS)jessie (security), jessie1.1.0~git20140921.1.440916e+dfsg1-4+deb8u1vulnerable
stretch1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2vulnerable
stretch (security)1.1.0~git20140921.1.440916e+dfsg1-13+deb9u1vulnerable
freerdp2 (PTS)buster, sid2.0.0~git20181120.1.e21b72c95+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freerdpsource(unstable)(unfixed)
freerdp2source(unstable)2.0.0~git20181120.1.e21b72c95+dfsg1-1

Notes

https://github.com/FreeRDP/FreeRDP/issues/4866
https://github.com/FreeRDP/FreeRDP/pull/4871
https://github.com/FreeRDP/FreeRDP/commit/baee520e3dd9be6511c45a14c5f5e77784de1471

Search for package or bug name: Reporting problems