Lucene search

[email protected]CVE-2008-1801

HistoryMay 12, 2008 - 4:20 p.m.

CVE-2008-1801

2008-05-1216:20:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2008-1801

security

denial of service

remote code execution

iso_recv_msg

rdesktop 1.5.0

rdp

remote desktop protocol

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.959 High

EPSS

Percentile

99.4%

JSON

Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.

CPENameOperatorVersion
rdesktop:rdesktoprdesktopeq1.5.0

CPE	Name	Operator	Version
rdesktop:rdesktop	rdesktop	eq	1.5.0

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=696

rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20&pathrev=HEAD

secunia.com/advisories/30118

secunia.com/advisories/30248

secunia.com/advisories/30380

secunia.com/advisories/30713

secunia.com/advisories/31222

secunia.com/advisories/31224

secunia.com/advisories/31928

security.gentoo.org/glsa/glsa-200806-04.xml

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.395286

sunsolve.sun.com/search/document.do?assetkey=1-26-240708-1

support.avaya.com/elmodocs2/security/ASA-2008-360.htm

www.debian.org/security/2008/dsa-1573

www.mandriva.com/security/advisories?name=MDVSA-2008:101

www.redhat.com/archives/fedora-package-announce/2008-May/msg00244.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00270.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00296.html

www.redhat.com/support/errata/RHSA-2008-0575.html

www.redhat.com/support/errata/RHSA-2008-0576.html

www.redhat.com/support/errata/RHSA-2008-0725.html

www.securityfocus.com/bid/29097

www.securitytracker.com/id?1019990

www.ubuntu.com/usn/usn-646-1

www.vupen.com/english/advisories/2008/1467/references

www.vupen.com/english/advisories/2008/2403

exchange.xforce.ibmcloud.com/vulnerabilities/42272

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11570

www.exploit-db.com/exploits/5561

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.959 High

EPSS

Percentile

99.4%

JSON

Related for CVE-2008-1801

openvas27 nessus20 securityvulns2 ubuntucve1 redhat3 slackware1 oraclelinux2 debiancve1 prion1 packetstorm1 centos2 fedora3 gentoo1 ubuntu1 osv1 seebug1 debian2 suse1