ID CVE-2014-0791
Summary Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.
References
Vulnerable Configurations
  • FreeRDP 1.0.0
    cpe:2.3:a:freerdp_project:freerdp:1.0.0
  • FreeRDP 1.0.1
    cpe:2.3:a:freerdp_project:freerdp:1.0.1
  • FreeRDP 1.0.2
    cpe:2.3:a:freerdp_project:freerdp:1.0.2
CVSS
Base: 6.8 (as of 23-11-2015 - 12:05)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-452.NASL
    description freerdp was patched to fix several integer overflows. These security issues were fixed : - Integer overflow (CVE-2014-0791) - Integer overflows in memory allocations in client/X11/xf_graphics.c (CVE-2014-0250)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76343
    published 2014-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76343
    title openSUSE Security Update : freerdp (openSUSE-SU-2014:0862-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2506-1.NASL
    description This update for freerdp fixes the following issues : - CVE-2013-4118: Added a NULL pointer check to fix a server crash (bsc#829013). - CVE-2014-0791: Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP allowed remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. (bsc#857491) - CVE-2014-0250: Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allowed remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. (bsc#880317) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94037
    published 2016-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94037
    title SUSE SLED12 Security Update : freerdp (SUSE-SU-2016:2506-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3380-1.NASL
    description It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-0250) It was discovered that FreeRDP incorrectly handled certain values in a Scope List. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0791) Tyler Bohan discovered that FreeRDP incorrectly handled certain length values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-2834, CVE-2017-2835) Tyler Bohan discovered that FreeRDP incorrectly handled certain packets. A malicious server could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 102260
    published 2017-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102260
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : freerdp vulnerabilities (USN-3380-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-171.NASL
    description Updated freerdp packages fix security vulnerabilities : Integer overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP through 1.0.2 allows remote RDP servers to have an unspecified impact through unspecified vectors (CVE-2014-0250). Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet (CVE-2014-0791).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82447
    published 2015-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82447
    title Mandriva Linux Security Advisory : freerdp (MDVSA-2015:171)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1132.NASL
    description This update for freerdp fixes the following issues : Security issues fixed : - CVE-2013-4118: Add a NULL pointer check to fix a server crash (boo#829013). - CVE-2014-0791: The remaining length in the stream is checked before doing some malloc(), which could have lead to crashes. (boo#857491).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 93758
    published 2016-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93758
    title openSUSE Security Update : freerdp (openSUSE-2016-1132)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1131.NASL
    description This update for freerdp fixes the following issues : Security issues fixed : - CVE-2013-4118: Add a NULL pointer check to fix a server crash (boo#829013). - CVE-2014-0791: The remaining length in the stream is checked before doing some malloc(), which could have lead to crashes. (boo#857491).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 93757
    published 2016-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93757
    title openSUSE Security Update : freerdp (openSUSE-2016-1131)
refmap via4
confirm http://advisories.mageia.org/MGASA-2014-0287.html
mandriva MDVSA-2015:171
misc
mlist
  • [oss-security] 20140102 CVE for freerdp int overflow?
  • [oss-security] 20140103 Re: CVE for freerdp int overflow?
suse
  • openSUSE-SU-2014:0862
  • openSUSE-SU-2016:2400
  • openSUSE-SU-2016:2402
Last major update 04-10-2016 - 21:59
Published 03-01-2014 - 13:54
Last modified 14-11-2017 - 21:29
Back to Top