Lucene search

K
centosCentOS ProjectCESA-2008:0575
HistoryJul 24, 2008 - 7:41 p.m.

rdesktop security update

2008-07-2419:41:48
CentOS Project
lists.centos.org
44

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.959

Percentile

99.5%

CentOS Errata and Security Advisory CESA-2008:0575

rdesktop is an open source client for Microsoft Windows NT Terminal Server
and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively
using the Remote Desktop Protocol (RDP) to present the user’s NT desktop.
No additional server extensions are required.

An integer underflow and integer signedness issue were discovered in the
rdesktop. If an attacker could convince a victim to connect to a malicious
RDP server, the attacker could cause the victim’s rdesktop to crash or,
possibly, execute an arbitrary code. (CVE-2008-1801, CVE-2008-1803)

Users of rdesktop should upgrade to these updated packages, which contain a
backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-July/077323.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077324.html

Affected packages:
rdesktop

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0575

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.959

Percentile

99.5%