14 lines
1.6 KiB
JSON
14 lines
1.6 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1657",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1657",
|
|
"title": "An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "Critical",
|
|
"description": "FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.\n\nSecurity Fix(es):\n\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.(CVE-2022-24883)\n\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.(CVE-2022-24882)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-24882",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24882",
|
|
"severity": "Critical"
|
|
}
|
|
]
|
|
} |