PublicDateAtUSN: 2018-12-20 15:29:00 UTC
Candidate: CVE-2018-1000852
PublicDate: 2018-12-20 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000852
 https://ubuntu.com/security/notices/USN-4379-1
Description:
 FreeRDP FreeRDP 2.0.0-rc3 released version before commit
 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown
 vulnerability in channels/drdynvc/client/drdynvc_main.c,
 drdynvc_process_capability_request that can result in The RDP server can
 read the client's memory.. This attack appear to be exploitable via
 RDPClient must connect the rdp server with echo option. This vulnerability
 appears to have been fixed in after commit
 205c612820dac644d665b5bb1cdf437dc5ca01e3.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/FreeRDP/FreeRDP/issues/4866
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L [6.5 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_freerdp2:
 upstream: https://github.com/FreeRDP/FreeRDP/commit/baee520e3dd9be6511c45a14c5f5e77784de1471
upstream_freerdp2: released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
precise/esm_freerdp2: DNE
trusty_freerdp2: DNE
trusty/esm_freerdp2: DNE
xenial_freerdp2: DNE
bionic_freerdp2: released (2.1.1+dfsg1-0ubuntu0.18.04.1)
cosmic_freerdp2: ignored (reached end-of-life)
disco_freerdp2: not-affected (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
eoan_freerdp2: not-affected (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
focal_freerdp2: not-affected (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
devel_freerdp2: not-affected (2.0.0~git20181120.1.e21b72c95+dfsg1-1)

Patches_freerdp:
upstream_freerdp: needs-triage
precise/esm_freerdp: DNE
trusty_freerdp: ignored (reached end-of-life)
trusty/esm_freerdp: DNE (trusty was needed)
xenial_freerdp: not-affected (code not present)
esm-infra/xenial_freerdp: not-affected (code not present)
bionic_freerdp: not-affected (code not present)
cosmic_freerdp: not-affected (code not present)
disco_freerdp: DNE
eoan_freerdp: DNE
focal_freerdp: DNE
devel_freerdp: DNE