GLSA Advocate
Posted: Sat Dec 13, 2014 10:26 pm Post subject: [ GLSA 201412-18 ] FreeRDP: User-assisted execution of arbit
Gentoo Linux Security Advisory
Title: FreeRDP: User-assisted execution of arbitrary code (GLSA 201412-18)
Severity: normal
Exploitable: remote
Date: December 13, 2014
Bug(s): #511688
ID: 201412-18
Synopsis
An integer overflow in FreeRDP could result in execution of
arbitrary code or Denial of Service.
Background
FreeRDP is a free implementation of the remote desktop protocol.
Affected Packages
Package: net-misc/freerdp
Vulnerable: < 1.1.0_beta1_p20130710-r1
Unaffected: >= 1.1.0_beta1_p20130710-r1
Architectures: All supported architectures
Description
FreeRDP does not properly validate user-supplied input, which could lead
to an integer overflow in the xf_Pointer_New() function.
Impact
A remote attacker could execute arbitrary code with the privileges of
the process or cause Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All FreeRDP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/freerdp-1.1.0_beta1_p20130710-r1"
References
CVE-2014-0250
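The class of bug named in the Description, shown as an added example that is not FreeRDP's code and not part of the advisory: a buffer size computed from unvalidated dimensions wraps in 32-bit arithmetic, next to a checked version. It assumes the overflowing value is an allocation size derived from a width and height supplied by the peer; the function names and the MAX_POINTER_DIM limit are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical upper bound for this example; not a FreeRDP constant. */
#define MAX_POINTER_DIM 384u

/* Unchecked: 32-bit arithmetic wraps, so the result can be far smaller
 * than the number of bytes a later copy loop will write. */
uint32_t pointer_size_unchecked(uint32_t width, uint32_t height)
{
    return width * height * 4u;
}

/* Checked: reject zero or oversized dimensions, then confirm the product
 * fits in size_t before it is used. Returns 0 on success, -1 on reject. */
int pointer_size_checked(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    if (width > MAX_POINTER_DIM || height > MAX_POINTER_DIM)
        return -1;
    if ((size_t)width > SIZE_MAX / 4u / (size_t)height)
        return -1;
    *out = (size_t)width * (size_t)height * 4u;
    return 0;
}

/* Allocate a zeroed 32-bit-per-pixel buffer only when the size is valid. */
uint32_t *pointer_pixels_new(uint32_t width, uint32_t height)
{
    size_t size;
    if (pointer_size_checked(width, height, &size) != 0)
        return NULL;
    return calloc(1, size);
}

int main(void)
{
    /* Constructed inputs: a normal 32x32 pointer and dimensions whose
     * byte count is exactly 2^32, which wraps to 0 in uint32_t. */
    uint32_t *ok = pointer_pixels_new(32, 32);
    uint32_t *bad = pointer_pixels_new(0x10000u, 0x4000u);
    int rc = (ok != NULL && bad == NULL) ? 0 : 1;
    free(ok);
    return rc;
}
```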