Bug 2079057 (CVE-2022-24883)

Summary: CVE-2022-24883 freerdp: Server Side Auth Against a SAM File May Succeed for Invalid Creds
Product: [Other] Security Response Reporter: juneau
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: extras-orphan, negativo17, oholy, philip.wyett
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: freerdp 2.7.0 Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in freerdp. This flaw occurs when the server-side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. This issue exposes an improper authenticating vulnerability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-09-01 17:55:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2079212, 2079207, 2079210, 2079211    
Bug Blocks: 2079058    

Description juneau 2022-04-26 19:22:05 UTC 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.

https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
Comment 1 Sandipan Roy 2022-04-27 08:05:09 UTC 
Created freerdp tracking bugs for this issue:

Affects: fedora-all [bug 2079207]
Comment 2 Sandipan Roy 2022-04-27 08:07:26 UTC 
Created freerdp1.2 tracking bugs for this issue:

Affects: epel-all [bug 2079212]
Comment 4 Fedora Update System 2022-05-07 04:31:23 UTC 
FEDORA-2022-dc48a89918 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 5 Fedora Update System 2022-05-11 01:33:50 UTC 
FEDORA-2022-b0a47f8060 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 6 Product Security DevOps Team 2022-09-01 17:55:49 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-24883