CVE-2018-1000852

NameCVE-2018-1000852
DescriptionFreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freerdp (PTS)jessie1.1.0~git20140921.1.440916e+dfsg1-4+deb8u1fixed
jessie (security)1.1.0~git20140921.1.440916e+dfsg1-13~deb8u3fixed
stretch1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3fixed
stretch (security)1.1.0~git20140921.1.440916e+dfsg1-13+deb9u1fixed
freerdp2 (PTS)buster, sid2.0.0~git20190204.1.2693389a+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freerdpsource(unstable)(not affected)
freerdp2source(unstable)2.0.0~git20181120.1.e21b72c95+dfsg1-1high

Notes

- freerdp <not-affected> (Vulnerable code not present)
https://github.com/FreeRDP/FreeRDP/issues/4866
https://github.com/FreeRDP/FreeRDP/pull/4871
https://github.com/FreeRDP/FreeRDP/commit/baee520e3dd9be6511c45a14c5f5e77784de1471

Search for package or bug name: Reporting problems