Lucene search

K
ubuntuUbuntuUSN-646-1
HistorySep 18, 2008 - 12:00 a.m.

rdesktop vulnerabilities

2008-09-1800:00:00
ubuntu.com
32

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.959

Percentile

99.5%

Releases

  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.06

Packages

  • rdesktop -

Details

It was discovered that rdesktop did not properly validate the length
of packet headers when processing RDP requests. If a user were tricked
into connecting to a malicious server, an attacker could cause a
denial of service or possible execute arbitrary code with the
privileges of the user. (CVE-2008-1801)

Multiple buffer overflows were discovered in rdesktop when processing
RDP redirect requests. If a user were tricked into connecting to a
malicious server, an attacker could cause a denial of service or
possible execute arbitrary code with the privileges of the user.
(CVE-2008-1802)

It was discovered that rdesktop performed a signed integer comparison
when reallocating dynamic buffers which could result in a heap-based
overflow. If a user were tricked into connecting to a malicious
server, an attacker could cause a denial of service or possible
execute arbitrary code with the privileges of the user.
(CVE-2008-1802)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchrdesktop< 1.5.0-3+cvs20071006ubuntu0.1UNKNOWN
Ubuntu7.10noarchrdesktop< 1.5.0-2ubuntu0.1UNKNOWN
Ubuntu7.04noarchrdesktop< 1.5.0-1ubuntu1.1UNKNOWN
Ubuntu6.06noarchrdesktop< 1.4.1-1.1ubuntu0.6.06.1UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.959

Percentile

99.5%