Advisories ยป MGASA-2017-0243

Updated freerdp packages fix security vulnerabilities

Publication date: 03 Aug 2017
Modification date: 16 Feb 2022
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-2834 , CVE-2017-2835 , CVE-2017-2836 , CVE-2017-2837 , CVE-2017-2838 , CVE-2017-2839

Description

An exploitable code execution vulnerability exists in the authentication
functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server
response can cause an out-of-bounds write resulting in an exploitable
condition. An attacker can compromise the server or use a man in the middle
attack to trigger this vulnerability (CVE-2017-2834).

An exploitable code execution vulnerability exists in the RDP receive
functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server
response can cause an out-of-bounds write resulting in an exploitable
condition. An attacker can compromise the server or use a man in the middle to
trigger this vulnerability (CVE-2017-2835).

An exploitable denial of service vulnerability exists within the reading of
proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially
crafted challenge packet can cause the program termination leading to a denial
of service condition. An attacker can compromise the server or use man in the
middle to trigger this vulnerability (CVE-2017-2836).

An exploitable denial of service vulnerability exists within the handling of
security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge
packet can cause the program termination leading to a denial of service
condition. An attacker can compromise the server or use man in the middle to
trigger this vulnerability (CVE-2017-2837).

An exploitable denial of service vulnerability exists within the handling of
challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted
challenge packet can cause the program termination leading to a denial of
service condition. An attacker can compromise the server or use man in the
middle to trigger this vulnerability (CVE-2017-2838, CVE-2017-2839).
                

References

SRPMS

6/core