CVE-2018-8789 - OpenCVE

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Freerdp	Freerdp

Configuration 1 [-]

OR	cpe:2.3:a:freerdp:freerdp::::::::
	cpe:2.3:a:freerdp:freerdp:2.0.0:rc1::::::
	cpe:2.3:a:freerdp:freerdp:2.0.0:rc2::::::
	cpe:2.3:a:freerdp:freerdp:2.0.0:rc3::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/106938	Third Party Advisory VDB Entry
https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6	Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html	Mailing List Third Party Advisory
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/	Exploit Third Party Advisory
https://usn.ubuntu.com/3845-1/	Third Party Advisory
https://usn.ubuntu.com/3845-2/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: checkpoint

Published: 2018-10-22T00:00:00

Updated: 2019-06-03T15:06:11

Reserved: 2018-03-19T00:00:00

Link: CVE-2018-8789

JSON object: View

NVD Information

Status : Modified

Published: 2018-11-29T18:29:01.053

Modified: 2019-06-03T16:29:00.903

Link: CVE-2018-8789

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "FreeRDP", "vendor": "Check Point Software Technologies Ltd.", "versions": [{"status": "affected", "version": "All versions prior to 2.0.0-rc4"}]}], "datePublic": "2018-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-06-03T15:06:11", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint"}, "references": [{"name": "106938", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106938"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6"}, {"name": "[debian-lts-announce] 20190209 [SECURITY] [DLA 1666-1] freerdp security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"}, {"name": "USN-3845-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3845-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}, {"name": "USN-3845-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3845-2/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@checkpoint.com", "DATE_PUBLIC": "2018-10-22T00:00:00", "ID": "CVE-2018-8789", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeRDP", "version": {"version_data": [{"version_value": "All versions prior to 2.0.0-rc4"}]}}]}, "vendor_name": "Check Point Software Technologies Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-126: Buffer Over-read"}]}]}, "references": {"reference_data": [{"name": "106938", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106938"}, {"name": "https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6", "refsource": "CONFIRM", "url": "https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6"}, {"name": "[debian-lts-announce] 20190209 [SECURITY] [DLA 1666-1] freerdp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"}, {"name": "USN-3845-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3845-1/"}, {"name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", "refsource": "CONFIRM", "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}, {"name": "USN-3845-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3845-2/"}]}}}}, "cveMetadata": {"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2018-8789", "datePublished": "2018-10-22T00:00:00", "dateReserved": "2018-03-19T00:00:00", "dateUpdated": "2019-06-03T15:06:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB13905B-B0E9-443E-B150-9D64E20DC464", "versionEndIncluding": "1.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F226993C-3AB8-4F86-8591-40CAAC8DD73E", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "985D90BF-3B2B-4A3C-B698-DBCB0241B95B", "vulnerable": true}, {"criteria": "cpe:2.3:a:freerdp:freerdp:2.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7C4656D2-EEC4-4871-BA0F-76F760526B1B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault)."}, {"lang": "es", "value": "FreeRDP en versiones anteriores a la 2.0.0-rc4 contiene varias lecturas fuera de l\u00edmites en el m\u00f3dulgo NTLM Authentication que resulta en una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n)."}], "id": "CVE-2018-8789", "lastModified": "2019-06-03T16:29:00.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-29T18:29:01.053", "references": [{"source": "cve@checkpoint.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106938"}, {"source": "cve@checkpoint.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6"}, {"source": "cve@checkpoint.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"}, {"source": "cve@checkpoint.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}, {"source": "cve@checkpoint.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3845-1/"}, {"source": "cve@checkpoint.com", "url": "https://usn.ubuntu.com/3845-2/"}], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-126"}], "source": "cve@checkpoint.com", "type": "Secondary"}]}