Fedora 28 update for freerdp, gnome-boxes, pidgin-sipe, remmina
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-1000852 CVE-2018-8786 |
| CWE-ID | CWE-200 CWE-122 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system remmina Operating systems & Components / Operating system package or component pidgin-sipe Operating systems & Components / Operating system package or component gnome-boxes Operating systems & Components / Operating system package or component freerdp Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU17250
Risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-1000852
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request. A remote attacker can connect the rdp server with echo option and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
remmina: before 1.3.3-1.fc28
pidgin-sipe: before 1.24.0-3.fc28
gnome-boxes: before 3.28.5-2.fc28
freerdp: before 2.0.0-49.20190304git435872b.fc28
CPE2.3- cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:remmina:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:pidgin-sipe:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:gnome-boxes:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:freerdp:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b2d986c3e9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Heap-based buffer overflow
EUVDB-ID: #VU16592
Risk: High
CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2018-8786
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition or execute arbitrary code.
The vulnerability exists due to improper handling of bitmaps by the update_read_bitmap_update() function, as defined in the update.c source code file. A remote attacker can send a specially crafted request that submits malicious input, trigger a heap-based buffer overflow condition that the attacker can use to cause a DoS condition or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
remmina: before 1.3.3-1.fc28
pidgin-sipe: before 1.24.0-3.fc28
gnome-boxes: before 3.28.5-2.fc28
freerdp: before 2.0.0-49.20190304git435872b.fc28
CPE2.3- cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:remmina:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:pidgin-sipe:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:gnome-boxes:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:freerdp:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b2d986c3e9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
