A CVE has been assigned for a security issue in freerdp: http://openwall.com/lists/oss-security/2014/05/28/2 There doesn't appear to be a fix available yet. Mageia 3 and Mageia 4 are also affected. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
OpenSuSE has issued an advisory for this today (July 1): http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html This fixes an additional CVE as well, CVE-2014-0791.
URL: (none) => http://lwn.net/Vulnerabilities/604034/Summary: freerdp new security issue CVE-2014-0250 => freerdp new security issues CVE-2014-0250 and CVE-2014-0791
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated freerdp packages fix security vulnerabilities: Integer overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP through 1.0.2 allows remote RDP servers to have an unspecified impact through unspecified vectors (CVE-2014-0250). Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet (CVE-2014-0791). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0250 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0791 http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html ======================== Updated packages in core/updates_testing: ======================== freerdp-1.0.1-2.1.mga3 libfreerdp1-1.0.1-2.1.mga3 libfreerdp-devel-1.0.1-2.1.mga3 freerdp-1.0.2-2.1.mga4 libfreerdp1-1.0.2-2.1.mga4 libfreerdp-devel-1.0.2-2.1.mga4 from SRPMS: freerdp-1.0.1-2.1.mga3.src.rpm freerdp-1.0.2-2.1.mga4.src.rpm
Version: Cauldron => 4Assignee: bugsquad => qa-bugsWhiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Testing on MGA4-86 and MGA4-64 tonight. I can't find a PoC at this time so I will confirm connectivity to a few Windows versions still works. MGA3 will need to be tested by someone else as I don't have boxes to test on.
CC: (none) => dpremy
Tested on MGA4-86 and I still can connect to a variety of remote Windows systems. Used xfreerdp for some time now and can't find anything that doesn't work with this update. Still can't find a PoC so I assume it is resolved.
Whiteboard: MGA3TOO => MGA3TOO mga4-86-ok
The procedure to test needs a remote system with RDP enabled. Im my case a Windows client is easiest although my understanding is that VirtualBox can enable remote consoles on VMs which uses RDP as well. # urpmi freerdp # xfreerdp -u <remote username> [-d <domain>] <remote IP> If all goes well you should get a password prompt and then be connected. Note that if you are connecting to a Windows box which has NLA enabled you must put the IP or computer name as the last argument as of this writting. https://github.com/FreeRDP/FreeRDP/issues/733
Whiteboard: MGA3TOO mga4-86-ok => MGA3TOO mga4-86-ok has_procedure
I assume you meant i586 (aka 32-bit), so fixing the tag.
Whiteboard: MGA3TOO mga4-86-ok has_procedure => MGA3TOO mga4-32-ok has_procedure
I sure did, thanks for the catch. Tested on mga4-64 and it worked as well, adding proper tag.
Whiteboard: MGA3TOO mga4-32-ok has_procedure => MGA3TOO mga4-32-ok mga4-64-ok has_procedure
found no open poc, so testing simply connecting from mga3 VBs to Windows7 VB via xfreerdp for both arch: everything is working fine. following packages are installed [root@localhost marc]# rpm -qa | grep rdp lib64freerdp1-1.0.1-2.1.mga3 freerdp-1.0.1-2.1.mga3 after the advisory is uploaded, the update can be validated and pushed to updates.
Whiteboard: MGA3TOO mga4-32-ok mga4-64-ok has_procedure => MGA3TOO has_procedure MGA4-64-OK MGA3-32-OK MGA3-64-OK MGA4-32-OK
Thanks Marc. I just used freerdp on Mageia 3 i586 at work to do something on a Windows 7 machine and it worked fine for me too.
Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure MGA4-64-OK MGA3-32-OK MGA3-64-OK MGA4-32-OK => MGA3TOO has_procedure advisory MGA4-64-OK MGA3-32-OK MGA3-64-OK MGA4-32-OKCC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2014-0287.html
Status: NEW => RESOLVEDCC: (none) => pterjanResolution: (none) => FIXED