rdesktop -- several vulnerabilities

2008-05-11T00:00:00
ID DSA-1573
Type debian
Reporter Debian
Modified 2008-05-11T00:00:00

Description

Several remote vulnerabilities have been discovered in rdesktop, a Remote Desktop Protocol client. The Common Vulnerabilities and Exposures project identifies the following problems:

Remote exploitation of an integer underflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user.

Remote exploitation of a BSS overflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user.

Remote exploitation of an integer signedness vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user.

For the stable distribution (etch), these problems have been fixed in version 1.5.0-1etch2.

For the unstable distribution (sid), these problems have been fixed in version 1.5.0-4+cvs20071006.

We recommend that you upgrade your rdesktop package.