USN-6749-1: FreeRDP vulnerabilities

FreeRDP, a widely used implementation of the Remote Desktop Protocol (RDP), has recently been found to contain multiple critical vulnerabilities that could allow a malicious server to cause severe disruptions or unintended code execution on client systems.

The first vulnerability, identified as CVE-2024-22211, is an integer overflow in freerdp_bitmap_planar_context_reset that leads to a heap-buffer overflow and affects only FreeRDP-based clients. The flaw is triggered when a malicious server sends a crafted RDPGFX_RESET_GRAPHICS_PDU, possibly leading to unbounded buffer operations. It has been addressed in FreeRDP versions 2.11.5 and 3.2.0 but remains a significant threat to users on earlier versions.

Separately, Evgeny Legerov discovered further vulnerabilities, notably CVE-2024-32039 and CVE-2024-32040, involving integer overflows and out-of-bounds writes in operations that FreeRDP did not handle safely. These vulnerabilities allow an attacker to crash the FreeRDP application, leading directly to denial of service, or in some scenarios to arbitrary code execution. Affected versions are those prior to 3.5.0 or 2.11.6; the patches fix the handling, and the published workarounds primarily involve avoiding specific graphics options such as /gfx or use of the NSC codec.
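To make the bug class behind these advisories concrete, the following C program, added here as an illustration and not taken from FreeRDP's source, contrasts an unchecked buffer-size computation (width × height × bytes-per-pixel evaluated in 32-bit arithmetic, which wraps on server-supplied dimensions) with a checked one that rejects such dimensions before anything is allocated. The constants, structure and function names (`BYTES_PER_PIXEL`, `MAX_DIMENSION`, `unchecked_buffer_size`, `checked_buffer_size`, `reset_planar_context`) and the sample dimensions are assumptions constructed for this example and do not correspond to FreeRDP's actual code.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <inttypes.h>

/* Assumed layout: a 32-bit ARGB planar buffer. Constructed for this example. */
#define BYTES_PER_PIXEL 4u
/* Assumed sanity bound on any single dimension a server may request. */
#define MAX_DIMENSION   16384u

/* Unchecked size computation of the kind behind integer-overflow bugs:
 * width * height * 4 is evaluated entirely in uint32_t, so large
 * server-supplied dimensions wrap around. The allocation that follows is
 * then far smaller than the number of pixels later written into it, which
 * is exactly how an integer overflow turns into a heap-buffer overflow. */
uint32_t unchecked_buffer_size(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Checked variant: refuse zero or oversized dimensions, and verify each
 * multiplication against SIZE_MAX before performing it, so the result is
 * correct with both 32-bit and 64-bit size_t. Returns false when the
 * request should be rejected. */
bool checked_buffer_size(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return false;
    if (width > MAX_DIMENSION || height > MAX_DIMENSION)
        return false;
    if ((size_t)height > SIZE_MAX / (size_t)width)
        return false;
    size_t pixels = (size_t)width * (size_t)height;
    if (pixels > SIZE_MAX / BYTES_PER_PIXEL)
        return false;
    *out = pixels * BYTES_PER_PIXEL;
    return true;
}

/* Hardened context reset: allocate only after the size is proven sane.
 * Returns NULL (allocating nothing) for a rejected or failed request;
 * the caller must free() a non-NULL result. */
uint8_t *reset_planar_context(uint32_t width, uint32_t height, size_t *size_out)
{
    size_t bytes;
    if (!checked_buffer_size(width, height, &bytes))
        return NULL;
    uint8_t *buf = calloc(1, bytes);
    if (buf == NULL)
        return NULL;
    if (size_out != NULL)
        *size_out = bytes;
    return buf;
}

int main(void)
{
    /* Constructed "reset graphics" requests: one ordinary, one hostile. */
    const uint32_t cases[][2] = { { 1024u, 768u }, { 32768u, 32768u } };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t w = cases[i][0], h = cases[i][1];
        size_t safe = 0;
        bool ok = checked_buffer_size(w, h, &safe);
        printf("%5" PRIu32 " x %5" PRIu32 ": unchecked size = %10" PRIu32
               " bytes, checked = %s",
               w, h, unchecked_buffer_size(w, h),
               ok ? "accepted" : "rejected");
        if (ok)
            printf(" (%zu bytes)", safe);
        printf("\n");
    }
    return 0;
}
```

For the hostile 32768 x 32768 request the unchecked computation yields 0 bytes (2^30 pixels times 4 wraps to exactly 2^32), so a naive implementation would allocate almost nothing and then write a gigabyte of pixel data past it; the checked variant rejects the request outright. The dimension bound alone is not what makes this safe: the explicit SIZE_MAX checks are what prevent wrap-around on platforms with a 32-bit size_t, and they continue to hold if the bytes-per-pixel factor is ever increased.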

Users and administrators are encouraged to upgrade promptly to patched versions to mitigate these risks. Where an upgrade is not yet feasible, applying the suggested workarounds can reduce exposure, but they are not foolproof solutions to the underlying problems.

In ensuring the security and functionality of remote desktop operations, it may also be prudent to consider robust patch management solutions. Services like LinuxPatch offer comprehensive patch management platforms for Linux servers, helping ensure critical applications like FreeRDP run on secure, updated software.

Continuous vigilance and proactive security are needed as we navigate the complexities of network computing and remote desktop operations in today's distributed work environments.