CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.5%
CentOS Errata and Security Advisory CESA-2008:0576
rdesktop is an open source client for Microsoft Windows NT Terminal Server
and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively
using the Remote Desktop Protocol (RDP) to present the userβs NT desktop.
No additional server extensions are required.
An integer underflow vulnerability was discovered in the rdesktop. If an
attacker could convince a victim to connect to a malicious RDP server, the
attacker could cause the victimβs rdesktop to crash or, possibly, execute
an arbitrary code. (CVE-2008-1801)
Users of rdesktop should upgrade to these updated packages, which contain a
backported patch to resolve this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-July/077325.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077326.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077331.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077332.html
Affected packages:
rdesktop
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0576
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | rdesktop | <Β 1.2.0-3 | rdesktop-1.2.0-3.i386.rpm |
CentOS | 3 | x86_64 | rdesktop | <Β 1.2.0-3 | rdesktop-1.2.0-3.x86_64.rpm |
CentOS | 3 | ia64 | rdesktop | <Β 1.2.0-3 | rdesktop-1.2.0-3.ia64.rpm |
CentOS | 3 | s390 | rdesktop | <Β 1.2.0-3 | rdesktop-1.2.0-3.s390.rpm |
CentOS | 3 | s390x | rdesktop | <Β 1.2.0-3 | rdesktop-1.2.0-3.s390x.rpm |