Ubuntu USN-646-1
Sep 18, 2008 - 12:00 a.m.

rdesktop vulnerabilities

2008-09-18 00:00:00
ubuntu.com

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AI Score: 7.4 (Confidence: Low)

EPSS: 0.959 (Percentile: 99.5%)

Releases

  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.06

Packages

  • rdesktop -

Details

It was discovered that rdesktop did not properly validate the length
of packet headers when processing RDP requests. If a user were tricked
into connecting to a malicious server, an attacker could cause a
denial of service or possibly execute arbitrary code with the
privileges of the user. (CVE-2008-1801)

Multiple buffer overflows were discovered in rdesktop when processing
RDP redirect requests. If a user were tricked into connecting to a
malicious server, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user.
(CVE-2008-1802)

It was discovered that rdesktop performed a signed integer comparison
when reallocating dynamic buffers which could result in a heap-based
overflow. If a user were tricked into connecting to a malicious
server, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user.
(CVE-2008-1802)
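
The signed-comparison flaw described in the last paragraph, as an added illustration (not rdesktop's code and not part of the advisory). The struct, the function names and the 1 MiB cap are assumptions made for this example; the flawed check is only modelled, with no out-of-bounds write, beside a hardened reserve routine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define DYNBUF_MAX (1u << 20)   /* assumed policy cap: 1 MiB per buffer */

struct dynbuf { unsigned char *data; size_t cap; };   /* hypothetical buffer type */

/* Flawed pattern: the wire length lands in a signed int and is compared
 * as signed. Returns 1 when the check concludes "already big enough". */
static int flawed_skips_realloc(int cap, uint32_t wire_len)
{
    int len = (int)wire_len;   /* values >= 0x80000000 become negative */
    return !(len > cap);       /* negative len: realloc skipped, a later copy
                                  would treat len as a huge size_t */
}

/* Hardened pattern: keep lengths unsigned, enforce a cap, check realloc.
 * Returns 1 if grown, 0 if it already fits, -1 if rejected or out of memory. */
static int dynbuf_reserve(struct dynbuf *b, uint32_t wire_len)
{
    size_t need = wire_len;
    if (need > DYNBUF_MAX)
        return -1;             /* oversized or wrapped length: refuse */
    if (need <= b->cap)
        return 0;
    unsigned char *p = realloc(b->data, need);
    if (p == NULL)
        return -1;             /* old buffer stays valid; caller aborts */
    b->data = p;
    b->cap = need;
    return 1;
}

int main(void)
{
    struct dynbuf b = { malloc(16), 16 };
    uint32_t hostile = 0x80000010u;   /* constructed sample length field */
    if (b.data == NULL)
        return 1;
    printf("flawed check skips realloc: %d\n", flawed_skips_realloc(16, hostile));
    printf("hardened reserve (hostile): %d\n", dynbuf_reserve(&b, hostile));
    printf("hardened reserve (64):      %d\n", dynbuf_reserve(&b, 64));
    free(b.data);
    return 0;
}
```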

OS      OS Version  Architecture  Package   Package Version                 Filename
Ubuntu  8.04        noarch        rdesktop  < 1.5.0-3+cvs20071006ubuntu0.1  UNKNOWN
Ubuntu  7.10        noarch        rdesktop  < 1.5.0-2ubuntu0.1              UNKNOWN
Ubuntu  7.04        noarch        rdesktop  < 1.5.0-1ubuntu1.1              UNKNOWN
Ubuntu  6.06        noarch        rdesktop  < 1.4.1-1.1ubuntu0.6.06.1       UNKNOWN
