Veracode Vulnerability DatabaseVERACODE:25136Denial Of Service (DoS)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
rdesktop is vulnerable to Denial Of Service (DoS). It is possible due to an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
References
lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
www.securityfocus.com/bid/106938
github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
lists.debian.org/debian-lts-announce/2019/02/msg00030.html
research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
security.gentoo.org/glsa/201903-06
www.debian.org/security/2019/dsa-4394
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P