Lucene search

[email protected]CVE-2008-5904

HistoryJan 15, 2009 - 5:30 p.m.

CVE-2008-5904

2009-01-1517:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-5904

xrdp

buffer overflow

nvd

security

remote code execution

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.0%

JSON

The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.

CPENameOperatorVersion
xrdp:xrdpxrdpeq0.4
xrdp:xrdpxrdpeq0.3.2
xrdp:xrdpxrdpeq0.3
xrdp:xrdpxrdple0.4.1
xrdp:xrdpxrdpeq0.3.1

CPE	Name	Operator	Version
xrdp:xrdp	xrdp	eq	0.4
xrdp:xrdp	xrdp	eq	0.3.2
xrdp:xrdp	xrdp	eq	0.3
xrdp:xrdp	xrdp	le	0.4.1
xrdp:xrdp	xrdp	eq	0.3.1

References

lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

openwall.com/lists/oss-security/2009/01/12/3

packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/48094

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2008-5904

prion1 ubuntucve1 debiancve1 nessus1 openvas2