SUSE-SU-2022:2354-1

Published: 11 Jul 2022
Source: suse-cvrf

Description

Security update for freerdp

This update for freerdp fixes the following issues:

  • CVE-2022-24882: Fixed incorrect check parameters in NTLM (bsc#1198919).
  • CVE-2022-24883: Fixed authentication against invalid SAM files (bsc#1198921).

Package list

SUSE Linux Enterprise Module for Package Hub 15 SP4
  • freerdp-2.4.0-150400.3.3.1
  • freerdp-devel-2.4.0-150400.3.3.1
  • freerdp-proxy-2.4.0-150400.3.3.1
  • libfreerdp2-2.4.0-150400.3.3.1
  • libwinpr2-2.4.0-150400.3.3.1
  • winpr2-devel-2.4.0-150400.3.3.1

SUSE Linux Enterprise Workstation Extension 15 SP4
  • freerdp-2.4.0-150400.3.3.1
  • freerdp-devel-2.4.0-150400.3.3.1
  • freerdp-proxy-2.4.0-150400.3.3.1
  • libfreerdp2-2.4.0-150400.3.3.1
  • libwinpr2-2.4.0-150400.3.3.1
  • winpr2-devel-2.4.0-150400.3.3.1

openSUSE Leap 15.4
  • freerdp-2.4.0-150400.3.3.1
  • freerdp-devel-2.4.0-150400.3.3.1
  • freerdp-proxy-2.4.0-150400.3.3.1
  • freerdp-server-2.4.0-150400.3.3.1
  • freerdp-wayland-2.4.0-150400.3.3.1
  • libfreerdp2-2.4.0-150400.3.3.1
  • libuwac0-0-2.4.0-150400.3.3.1
  • libwinpr2-2.4.0-150400.3.3.1
  • uwac0-0-devel-2.4.0-150400.3.3.1
  • winpr2-devel-2.4.0-150400.3.3.1

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP4:freerdp-2.4.0-150400.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:freerdp-devel-2.4.0-150400.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:freerdp-proxy-2.4.0-150400.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:libfreerdp2-2.4.0-150400.3.3.1

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP4:freerdp-2.4.0-150400.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:freerdp-devel-2.4.0-150400.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:freerdp-proxy-2.4.0-150400.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:libfreerdp2-2.4.0-150400.3.3.1
