Bug 1198921 - (CVE-2022-24883) VUL-0: CVE-2022-24883: freerdp: Server Side Auth Against a SAM File May Succeed for Invalid Creds
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Priority: P3 - Medium; Severity: Major
Assigned To: Daike Yu
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/330109/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-24883:8.1:(AV:...
Reported: 2022-04-27 08:53 UTC by Hu
Modified: 2022-07-11 16:17 UTC
Found By: Security Response Team
Description Hu 2022-04-27 08:53:03 UTC
rh#2079057

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.

https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2079057
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24883
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24883
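The failure mode the advisory describes, as an added C example that is not FreeRDP's or WinPR's code: a SAM lookup that reports an unopenable database as its own error, so an invalid path or an exhausted file-handle table can never be mistaken for a successful credential check. The `user:domain:lmhash:nthash:::` line layout, the sample file and all function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not FreeRDP/WinPR code. Assumed SAM line layout:
 * user:domain:lmhash:nthash:::  (the LM field may be empty). */
enum { SAM_OK = 0, SAM_ERR_OPEN = -1, SAM_ERR_NOUSER = -2, SAM_ERR_MISMATCH = -3 };

/* Split `line` in place on ':' into at most `max` fields, keeping empty ones. */
static int sam_split(char* line, char* fields[], int max)
{
    int n = 0;
    for (char* p = line; p && n < max;) {
        char* sep = strchr(p, ':');
        fields[n++] = p;
        if (sep) *sep = '\0';
        p = sep ? sep + 1 : NULL;
    }
    return n;
}

/* Compare the NT hash stored for `user` with `nthash_hex` (32 hex chars).
 * Failing to open the database (invalid path, or no file handles left, the
 * two conditions the advisory names) is a distinct error and never a match. */
int sam_check_nt_hash(const char* path, const char* user, const char* nthash_hex)
{
    char line[512], *fld[4];
    int rc = SAM_ERR_NOUSER;
    FILE* f = fopen(path, "r");
    if (!f)
        return SAM_ERR_OPEN;
    while (fgets(line, sizeof line, f)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (sam_split(line, fld, 4) < 4 || strcmp(fld[0], user) != 0)
            continue;
        rc = strcmp(fld[3], nthash_hex) == 0 ? SAM_OK : SAM_ERR_MISMATCH;
        break;
    }
    fclose(f);
    return rc;
}

/* Only SAM_OK grants access; every error code, SAM_ERR_OPEN included, denies. */
int sam_authenticate(const char* p, const char* u, const char* h) { return sam_check_nt_hash(p, u, h) == SAM_OK; }

/* Constructed sample database with placeholder hashes (not real credentials). */
int sam_write_sample(const char* path)
{
    FILE* f = fopen(path, "w");
    if (!f) return -1;
    fputs("alice:WORKGROUP::0123456789abcdef0123456789abcdef:::\n"
          "bob:WORKGROUP::fedcba9876543210fedcba9876543210:::\n", f);
    return fclose(f);
}
```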
Comment 1 Hu 2022-04-27 08:53:27 UTC
Affected:
 - SUSE:SLE-12-SP2:Update/freerdp          2.1.2
 - SUSE:SLE-15-SP2:Update/freerdp          2.1.2
 - openSUSE:Backports:SLE-15-SP3/freerdp   2.1.2
 - SUSE:SLE-15-SP4:Update/freerdp          2.4.0
 - openSUSE:Factory/freerdp                2.6.1
Comment 3 Swamp Workflow Management 2022-07-11 13:17:53 UTC
SUSE-SU-2022:2352-1: An update that fixes two vulnerabilities is now available.

Category: security (critical)
Bug References: 1198919,1198921
CVE References: CVE-2022-24882,CVE-2022-24883
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    freerdp-2.1.2-12.23.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    freerdp-2.1.2-12.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2022-07-11 16:16:53 UTC
SUSE-SU-2022:2354-1: An update that fixes two vulnerabilities is now available.

Category: security (critical)
Bug References: 1198919,1198921
CVE References: CVE-2022-24882,CVE-2022-24883
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    freerdp-2.4.0-150400.3.3.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    freerdp-2.4.0-150400.3.3.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src):    freerdp-2.4.0-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2022-07-11 16:17:34 UTC
SUSE-SU-2022:2353-1: An update that fixes two vulnerabilities is now available.

Category: security (critical)
Bug References: 1198919,1198921
CVE References: CVE-2022-24882,CVE-2022-24883
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    freerdp-2.1.2-150200.15.15.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    freerdp-2.1.2-150200.15.15.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    freerdp-2.1.2-150200.15.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.