Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200806-04
HistoryJun 14, 2008 - 12:00 a.m.

rdesktop: Multiple vulnerabilities

2008-06-1400:00:00
Gentoo Foundation
security.gentoo.org
10

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.959 High

EPSS

Percentile

99.4%

JSON

Background

rdesktop is an open source Remote Desktop Protocol (RDP) client.

Description

An anonymous researcher reported multiple vulnerabilities in rdesktop via iDefense Labs:

  • An integer underflow error exists in the function iso_recv_msg() in the file iso.c which can be triggered via a specially crafted RDP request, causing a heap-based buffer overflow (CVE-2008-1801).
  • An input validation error exists in the function process_redirect_pdu() in the file rdp.c which can be triggered via a specially crafted RDP redirect request, causing a BSS-based buffer overflow (CVE-2008-1802).
  • An integer signedness error exists in the function xrealloc() in the file rdesktop.c which can be be exploited to cause a heap-based buffer overflow (CVE-2008-1803).

Impact

An attacker could exploit these vulnerabilities by enticing a user to connect to a malicious RDP server thereby allowing the attacker to execute arbitrary code or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All rdesktop users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.6.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/rdesktop<Β 1.6.0UNKNOWN

Related

openvas 27
nessus 20
securityvulns 4
fedora 3
osv 1
ubuntu 1
debian 2
seebug 1
oraclelinux 2
redhat 3
centos 2
debiancve 3
ubuntucve 3
prion 3
cve 3
slackware 1
packetstorm 2
checkpoint_advisories 1
suse 1
openvas
openvas
Debian Security Advisory DSA 1573-1 (rdesktop)
2008-05-27 00:00:00
Mandriva Update for rdesktop MDVSA-2008:101 (rdesktop)
2009-04-09 00:00:00
Gentoo Security Advisory GLSA 200806-04 (rdesktop)
2008-09-24 00:00:00
nessus
nessus
Debian DSA-1573-1 : rdesktop - several vulnerabilities
2008-05-13 00:00:00
openSUSE 10 Security Update : rdesktop (rdesktop-5271)
2008-08-15 00:00:00
GLSA-200806-04 : rdesktop: Multiple vulnerabilities
2008-06-16 00:00:00
securityvulns
securityvulns
rdesktop multiple security vulnerabilities
2008-05-08 00:00:00
iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop iso_recv_msg&#40;&#41; Integer Underflow Vulnerability
2008-05-08 00:00:00
iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop process_redirect_pdu&#40;&#41; BSS Overflow Vulnerability
2008-05-08 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: rdesktop-1.6.0-1.fc8
2008-05-14 22:12:39
[SECURITY] Fedora 7 Update: rdesktop-1.6.0-1.fc7
2008-05-14 22:15:23
[SECURITY] Fedora 9 Update: rdesktop-1.6.0-1.fc9
2008-05-14 22:08:33
osv
osv
rdesktop - several vulnerabilities
2008-05-11 00:00:00
ubuntu
ubuntu
rdesktop vulnerabilities
2008-09-18 00:00:00
debian
debian
[SECURITY] [DSA 1573-1] New php5 packages fix several vulnerabilities
2008-05-11 15:16:04
[SECURITY] [DSA 1573-1] New rdesktop packages fix several vulnerabilities
2008-05-12 08:54:07
seebug
seebug
rdesktop倚δΈͺηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2008-05-10 00:00:00
oraclelinux
oraclelinux
rdesktop security update
2008-07-24 00:00:00
rdesktop security and bug fix update
2008-08-01 00:00:00
redhat
redhat
(RHSA-2008:0575) Moderate: rdesktop security update
2008-07-24 00:00:00
(RHSA-2008:0576) Moderate: rdesktop security update
2008-07-24 00:00:00
(RHSA-2008:0725) Moderate: rdesktop security and bug fix update
2008-04-16 00:00:00
centos
centos
rdesktop security update
2008-07-24 19:41:48
rdesktop security update
2008-07-24 22:16:13
debiancve
debiancve
CVE-2008-1803
2008-05-12 22:20:00
CVE-2008-1801
2008-05-12 16:20:00
CVE-2008-1802
2008-05-12 16:20:00
ubuntucve
ubuntucve
CVE-2008-1803
2008-05-12 00:00:00
CVE-2008-1801
2008-05-12 00:00:00
CVE-2008-1802
2008-05-12 00:00:00
prion
prion
Integer overflow
2008-05-12 22:20:00
Integer overflow
2008-05-12 16:20:00
Buffer overflow
2008-05-12 16:20:00
cve
cve
CVE-2008-1803
2008-05-12 22:20:00
CVE-2008-1801
2008-05-12 16:20:00
CVE-2008-1802
2008-05-12 16:20:00
slackware
slackware
[slackware-security] rdesktop
2008-05-28 03:54:58
packetstorm
packetstorm
rdesktop-underflow.txt
2008-05-09 00:00:00
rdesktoppdu-overflow.txt
2008-05-12 00:00:00
checkpoint_advisories
checkpoint_advisories
RDesktop process_redirect_pdu BSS Overflow Buffer Overflow - Ver2 (CVE-2008-1802)
2014-12-28 00:00:00
suse
suse
remote code execution in openwsman
2008-08-14 18:02:43

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.959 High

EPSS

Percentile

99.4%

JSON
Related for GLSA-200806-04
openvas27nessus20securityvulns4fedora3osv1ubuntu1debian2seebug1oraclelinux2redhat3centos2debiancve3ubuntucve3prion3cve3slackware1packetstorm2checkpoint_advisories1suse1