Improper Certificate Validation in FreeRDP and Debian Linux

#VU37165 Improper Certificate Validation in FreeRDP and Debian Linux

Published: 2018-04-24 | Updated: 2020-08-08

Vulnerability identifier: #VU37165

Vulnerability risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2836

CWE-ID: CWE-295

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FreeRDP
Universal components / Libraries / Libraries used by multiple products
Debian Linux
Operating systems & Components / Operating system

Vendor: FreeRDP
Debian

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.

Mitigation
Install update from vendor's website.

Vulnerable software versions

FreeRDP: 2.0.0

Debian Linux: 2.0.0 - 9.0

External links
http://www.securityfocus.com/bid/99942
http://www.debian.org/security/2017/dsa-3923
http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in FreeRDP

OpenSUSE Linux update for freerdp