Six Vulnerabilities in FreeRDP Found by Researchers

remote desktop protocol in the form of binary code

Cisco’s Talos research team stumbled upon six vulnerabilities in the FreeRDP protocol. A remedial patch has since been issued to address the flaws.

(RDP), created by Microsoft, is a platform-independent tool that works alongside FreeRDP, a version frequently used for private applications or as integrated into commercial systems and networks.

FreeRDP can function in the Windows, Linux and Mac environments.

Now it has to come to light that there are vulnerabilities in this protocol, and researchers have been able to identify six such flaws falling into two types.

The vulnerabilities pose security threats to both the server side and the client side of the system.

Luckily, the free RDP developers have made steps to plug the holes by releasing a patch.

Two Distinct Types of Issues Found

The problem areas identified in the FreeRDP protocol are being described as code execution and denial of service (DoS)—both of which have been reported to Microsoft.

Within those categories, two vulnerabilities relate to code execution processes and four are associated with denial of service.

Referring to the code execution issue, researchers have pointed out that the server side usually sends the license message to the client using this protocol, and there is practically no verification at the client-side.

Experts also point out that this is where an attacker can intrude and make changes to the arbitrary codes, resulting in compromising the loop. This vulnerability has been named CVE-2017-2834.

The other flaw within the same code execution category, named CVE-2017-2835, is almost similar in nature to the first.

Here, the received function of the protocol and the weakness is the mention of the length field value.

As indicated, the client-side RDP does not have a verification code.

If the value turns out to be negative, it opens access for the intruder to execute codes to disturb the security in the network.

The DoS Issues

The four other vulnerabilities have been categorized as being of the denial of service type. These four flaws have been assigned numbers 2836 to 2839.

Those conducting research on the FreeRDP ecosystem have been able to precisely locate each of these vulnerabilities.

The first among these four is located in proprietary certificates’ parsing. In this, the FreeRDP library can be made to crash by manipulating the value of the public key.

The second DoS flaw is in the security data function, wherein the client-side system crashes after the length value of the server’s service packet is altered by the attacker.

The result will be denial of service at the client side.

The next vulnerability code, CVE-2017-2838, also ends up crashing the FreeRDP client-side system or network.

In this flaw, the attacker can take advantage of the provision in the FreeRDP process, in which the message packet’s value needs to be below four to be received well by the client and the command executed.

Here, the attacker inflicts harm by adding another value of four to the incremental value, so the packet cannot be validated.

This will also result in the denial of service notice on the client-side system.

The last flaw is almost similar in nature to the one described above, except that the intruder can change the whole packet—instead of just changing the value—and the license read functionality cannot accept the packet.

As a result, the system will be brought down.

Developers Release Patch

Security breach

Cisco is behind the research finding these flaws.

Talos, the Cisco-operated intelligence group, was behind the research findings on these flaws.

The group has educated the users at large on the technical details of how these vulnerabilities occur and how a malicious hacker can mount an attack to cause security breaches.

Talos also informed the developers of the system’s security issues.

After the relevant disclosures were made and communicated to the public, the developers released a remedy in the form of a patch.

The patch can be downloaded and installed to prevent any such misadventure in FreeRDP networks.

Any open system of the type the FreeRDP protocol offers does produce vulnerabilities.

The security flaws detected by this research team explains how it becomes possible for a middle-man to exploit these vulnerabilities and either cause the system to crash or induce difficulties in the code execution process.

Luckily, the team could come up with the patch to resolve the issues.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.