Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 679416 (CVE-2018-1000852) - <net-misc/freerdp-2.0.0_rc4: out of bounds read in drdynvc_process_capability_request (CVE-2018-1000852)
Summary: <net-misc/freerdp-2.0.0_rc4: out of bounds read in drdynvc_process_capability...
Status: RESOLVED FIXED
Alias: CVE-2018-1000852
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2018-8784, CVE-2018-8785, CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789
Blocks:
  Show dependency tree
 
Reported: 2019-03-04 16:47 UTC by GLSAMaker/CVETool Bot
Modified: 2020-03-28 19:34 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-03-04 16:47:55 UTC
CVE-2018-1000852 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000852):
  FreeRDP FreeRDP 2.0.0-rc3 released version before commit
  205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown
  vulnerability in channels/drdynvc/client/drdynvc_main.c,
  drdynvc_process_capability_request that can result in The RDP server can
  read the client's memory.. This attack appear to be exploitable via
  RDPClient must connect the rdp server with echo option. This vulnerability
  appears to have been fixed in after commit
  205c612820dac644d665b5bb1cdf437dc5ca01e3.
Comment 1 Larry the Git Cow gentoo-dev 2019-09-29 20:50:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90b6afa43fad256f625e2ccbe45a48f889e48f5f

commit 90b6afa43fad256f625e2ccbe45a48f889e48f5f
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2019-09-29 20:50:45 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-09-29 20:50:45 +0000

    net-misc/freerdp: remove old
    
    Bug: https://bugs.gentoo.org/679416
    Package-Manager: Portage-2.3.75_p7, Repoman-2.3.17_p49
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-misc/freerdp/Manifest                    |   1 -
 net-misc/freerdp/freerdp-2.0.0_rc2-r1.ebuild | 119 ---------------------------
 2 files changed, 120 deletions(-)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-06 19:52:15 UTC
Why did you revert cleanup (https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b17e3543da1c86ea2f7718887a82ba822ca0927)?
Comment 3 Mike Gilbert gentoo-dev 2019-10-07 17:05:35 UTC
(In reply to Thomas Deutschmann from comment #2)
> Why did you revert cleanup
> (https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=8b17e3543da1c86ea2f7718887a82ba822ca0927)?

ppc is lagging on stabilization due to failing tests. See bug 672010.
Comment 4 Larry the Git Cow gentoo-dev 2019-12-12 20:15:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08f2438131f86e39251efb3620668c776f9f4243

commit 08f2438131f86e39251efb3620668c776f9f4243
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2019-12-12 20:14:23 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-12-12 20:15:13 +0000

    net-misc/freerdp: remove old
    
    Bug: https://bugs.gentoo.org/672010
    Bug: https://bugs.gentoo.org/679416
    Package-Manager: Portage-2.3.80_p5, Repoman-2.3.19_p4
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-misc/freerdp/Manifest                         |   1 -
 net-misc/freerdp/files/2.0.0-rc2-primitives.patch |  41 --------
 net-misc/freerdp/freerdp-2.0.0_rc2-r1.ebuild      | 120 ----------------------
 3 files changed, 162 deletions(-)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-28 19:34:03 UTC
Tree is clean.