[ GLSA 200806-04 ] rdesktop: Multiple vulnerabilities

[GLSA]

Gentoo Linux Security Advisory

Title: rdesktop: Multiple vulnerabilities (GLSA 200806-04)
Severity: normal
Exploitable: remote
Date: June 14, 2008
Bug(s): #220911
ID: 200806-04

Synopsis

Multiple vulnerabilities in rdesktop may lead to the execution of arbitrary code or a Denial of Service.

Background

rdesktop is an open source Remote Desktop Protocol (RDP) client.

Affected Packages

Package: net-misc/rdesktop
Vulnerable: < 1.6.0
Unaffected: >= 1.6.0
Architectures: All supported architectures


Description

An anonymous researcher reported multiple vulnerabilities in rdesktop via iDefense Labs:

• An integer underflow error exists in the function iso_recv_msg() in the file iso.c which can be triggered via a specially crafted RDP request, causing a heap-based buffer overflow (CVE-2008-1801).
• An input validation error exists in the function process_redirect_pdu() in the file rdp.c which can be triggered via a specially crafted RDP redirect request, causing a BSS-based buffer overflow (CVE-2008-1802).
• An integer signedness error exists in the function xrealloc() in the file rdesktop.c which can be be exploited to cause a heap-based buffer overflow (CVE-2008-1803).

Impact

An attacker could exploit these vulnerabilities by enticing a user to connect to a malicious RDP server thereby allowing the attacker to execute arbitrary code or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All rdesktop users should upgrade to the latest version: