PT-2018-9576 · Freerdp+6
Akallabeth · Published 2018-12-20 · Updated 2024-06-15 · CVE-2018-1000852
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
FreeRDP versions prior to the commit with ID 205c612820dac644d665b5bb1cdf437dc5ca01e3
Description
The issue allows an RDP server to read the client's memory. This can occur when the client connects to the RDP server with the echo option. The vulnerability is located in the drdynvc_process_capability_request function in the channels/drdynvc/client/drdynvc_main.c file.
Recommendations
To resolve the issue, update FreeRDP to a version after the commit with ID 205c612820dac644d665b5bb1cdf437dc5ca01e3.
As a temporary workaround, consider avoiding the use of the echo option when connecting to RDP servers until a patch is available.
Restrict access to the drdynvc_process_capability_request function in the drdynvc_main.c file to minimize the risk of exploitation.
Exploit
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Centos
Freerdp
Linuxmint
Red Hat
Suse
Ubuntu