The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of rdesktop

vulnerability alert CVE-2008-1801 CVE-2008-1802 CVE-2008-1803

rdesktop: several vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities of rdesktop in order to execute code.
Impacted products: Debian, Fedora, Mandriva Linux, rdesktop, RHEL, Slackware, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/05/2008.
Identifiers: BID-29097, CERTA-2008-AVI-239, CERTA-2008-AVI-322, CVE-2008-1801, CVE-2008-1802, CVE-2008-1803, DSA-1573-1, FEDORA-2008-3886, FEDORA-2008-3917, FEDORA-2008-3985, MDVSA-2008:101, RHSA-2008:0575-01, RHSA-2008:0576-01, RHSA-2008:0725-01, SSA:2008-148-01, VIGILANCE-VUL-7811.

Description of the vulnerability

The rdesktop client is used to access to a Windows system via RDP (Remote Desktop Protocol). It has several vulnerabilities.

An attacker can generate an integer overflow in iso_recv_msg(). [severity:2/4; CERTA-2008-AVI-322, CVE-2008-1801]

An attacker can generate an overflow in process_redirect_pdu(). [severity:2/4; CVE-2008-1802]

An attacker can generate an overflow in channel_process(). [severity:2/4; CVE-2008-1803]

To exploit these vulnerabilities, the attacker has to persuade the victim to connect with rdesktop to a malicious RDP server.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about rdesktop: