CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.5%
CentOS Errata and Security Advisory CESA-2008:0575
rdesktop is an open source client for Microsoft Windows NT Terminal Server
and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively
using the Remote Desktop Protocol (RDP) to present the userβs NT desktop.
No additional server extensions are required.
An integer underflow and integer signedness issue were discovered in the
rdesktop. If an attacker could convince a victim to connect to a malicious
RDP server, the attacker could cause the victimβs rdesktop to crash or,
possibly, execute an arbitrary code. (CVE-2008-1801, CVE-2008-1803)
Users of rdesktop should upgrade to these updated packages, which contain a
backported patches to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-July/077323.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077324.html
Affected packages:
rdesktop
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0575
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | x86_64 | rdesktop | <Β 1.4.1-6 | rdesktop-1.4.1-6.x86_64.rpm |
CentOS | 5 | i386 | rdesktop | <Β 1.4.1-6 | rdesktop-1.4.1-6.i386.rpm |
CentOS | 5 | i386 | rdesktop | <Β 1.4.1-6 | rdesktop-1.4.1-6.i386.rpm |