6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
6.5 Medium
AI Score
Confidence
Low
0.02 Low
EPSS
Percentile
88.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2020.0297");
script_cve_id("CVE-2020-11017", "CVE-2020-11018", "CVE-2020-11019", "CVE-2020-11038", "CVE-2020-11039", "CVE-2020-11040", "CVE-2020-11041", "CVE-2020-11042", "CVE-2020-11043", "CVE-2020-11044", "CVE-2020-11045", "CVE-2020-11046", "CVE-2020-11047", "CVE-2020-11048", "CVE-2020-11049", "CVE-2020-11058", "CVE-2020-11085", "CVE-2020-11086", "CVE-2020-11087", "CVE-2020-11088", "CVE-2020-11089", "CVE-2020-11095", "CVE-2020-11096", "CVE-2020-11097", "CVE-2020-11098", "CVE-2020-11099", "CVE-2020-11521", "CVE-2020-11522", "CVE-2020-11523", "CVE-2020-11524", "CVE-2020-11525", "CVE-2020-11526", "CVE-2020-13396", "CVE-2020-13397", "CVE-2020-13398", "CVE-2020-4030", "CVE-2020-4031", "CVE-2020-4032", "CVE-2020-4033");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-06-01 18:11:29 +0000 (Mon, 01 Jun 2020)");
script_name("Mageia: Security Advisory (MGASA-2020-0297)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA7");
script_xref(name:"Advisory-ID", value:"MGASA-2020-0297");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2020-0297.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=26699");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg");
script_xref(name:"URL", value:"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9");
script_xref(name:"URL", value:"https://gitlab.com/Remmina/Remmina/-/releases#v1.4.7");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-4379-1");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/IGSY4CEBOH6TVJLIW53YL7YDGHY3RMPU/");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/6RTM4HR3PBFF5X7XHCOS5MIHPKSDEYCX/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'freerdp, remmina' package(s) announced via the MGASA-2020-0297 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
The freerdp package has been updated to version 2.1.2 to fix these issues.
Also, the remmina package has been updated to version 1.4.7 for
compatibility with the updated freerdp.");
script_tag(name:"affected", value:"'freerdp, remmina' package(s) on Mageia 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA7") {
if(!isnull(res = isrpmvuln(pkg:"freerdp", rpm:"freerdp~2.1.2~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64freerdp-devel", rpm:"lib64freerdp-devel~2.1.2~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64freerdp2", rpm:"lib64freerdp2~2.1.2~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreerdp-devel", rpm:"libfreerdp-devel~2.1.2~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreerdp2", rpm:"libfreerdp2~2.1.2~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina", rpm:"remmina~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-devel", rpm:"remmina-devel~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-common", rpm:"remmina-plugins-common~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-exec", rpm:"remmina-plugins-exec~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-kwallet", rpm:"remmina-plugins-kwallet~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-nx", rpm:"remmina-plugins-nx~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-rdp", rpm:"remmina-plugins-rdp~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-secret", rpm:"remmina-plugins-secret~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-spice", rpm:"remmina-plugins-spice~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-st", rpm:"remmina-plugins-st~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-vnc", rpm:"remmina-plugins-vnc~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-www", rpm:"remmina-plugins-www~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"remmina-plugins-xdmcp", rpm:"remmina-plugins-xdmcp~1.4.7~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
advisories.mageia.org/MGASA-2020-0297.html
bugs.mageia.org/show_bug.cgi?id=26699
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
gitlab.com/Remmina/Remmina/-/releases#v1.4.7
lists.fedoraproject.org/archives/list/[email protected]/thread/6RTM4HR3PBFF5X7XHCOS5MIHPKSDEYCX/
lists.fedoraproject.org/archives/list/[email protected]/thread/IGSY4CEBOH6TVJLIW53YL7YDGHY3RMPU/
ubuntu.com/security/notices/USN-4379-1
MGASA-2020-0297
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
6.5 Medium
AI Score
Confidence
Low
0.02 Low
EPSS
Percentile
88.9%