Lucene search
K

Mandriva Linux Security Advisory : rdesktop (MDVSA-2008:101)

🗓️ 23 Apr 2009 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 30 Views

Mandriva Linux rdesktop vulnerabilities patche

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
7 Jul 201600:00
bdu_fstec
BDU FSTEC
Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
28 Apr 201500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.
28 Apr 201500:00
bdu_fstec
BDU FSTEC
The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.
28 Apr 201500:00
bdu_fstec
BDU FSTEC
Vulnerabilities of the CentOS operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
28 Apr 201500:00
bdu_fstec
BDU FSTEC
Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
28 Apr 201500:00
bdu_fstec
Tenable Nessus
CentOS 5 : rdesktop (CESA-2008:0575)
6 Jan 201000:00
nessus
Tenable Nessus
CentOS 3 : rdesktop (CESA-2008:0576)
28 Jul 200800:00
nessus
Tenable Nessus
Debian DSA-1573-1 : rdesktop - several vulnerabilities
13 May 200800:00
nessus
Tenable Nessus
Fedora 9 : rdesktop-1.6.0-1.fc9 (2008-3886)
16 May 200800:00
nessus
Rows per page
#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2008:101. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(37563);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2008-1801", "CVE-2008-1802", "CVE-2008-1803");
  script_xref(name:"MDVSA", value:"2008:101");

  script_name(english:"Mandriva Linux Security Advisory : rdesktop (MDVSA-2008:101)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandriva Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were discovered in rdesktop, a Remote Desktop
Protocol client.

An integer underflow vulnerability allowed attackers to cause a denial
of service (crash) and possibly execute arbitrary code with the
privileges of the logged-in user (CVE-2008-1801).

A buffer overflow vulnerability allowed attackers to execute arbitrary
code with the privileges of the logged-in user (CVE-2008-1802).

An integer signedness vulnerability allowed attackers to execute
arbitrary code with the privileges of the logged-in user
(CVE-2008-1803).

In order for these vulnerabilities to be exploited, an attacker must
persuade a targeted user to connect to a malicious RDP server.

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected rdesktop package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rdesktop");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/05/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2007.1", reference:"rdesktop-1.5.0-1.2mdv2007.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2008.0", reference:"rdesktop-1.5.0-3.1mdv2008.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2008.1", reference:"rdesktop-1.5.0-4.1mdv2008.1", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation