ID CVE-2008-1801
Summary Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
References
Vulnerable Configurations
  • cpe:2.3:a:rdesktop:rdesktop:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:rdesktop:rdesktop:1.5.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 29-09-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:14:45.530-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
family unix
id oval:org.mitre.oval:def:11570
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
version 24
redhat via4
advisories
  • bugzilla
    id 445825
    title CVE-2008-1801 rdesktop: iso_recv_msg() Integer Underflow Vulnerability
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • comment rdesktop is earlier than 0:1.2.0-3
      oval oval:com.redhat.rhsa:tst:20080576002
    • comment rdesktop is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20080576003
    rhsa
    id RHSA-2008:0576
    released 2008-07-24
    severity Moderate
    title RHSA-2008:0576: rdesktop security update (Moderate)
  • bugzilla
    id 445825
    title CVE-2008-1801 rdesktop: iso_recv_msg() Integer Underflow Vulnerability
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • comment rdesktop is earlier than 0:1.3.1-9
      oval oval:com.redhat.rhsa:tst:20080725002
    • comment rdesktop is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20080576003
    rhsa
    id RHSA-2008:0725
    released 2008-04-16
    severity Moderate
    title RHSA-2008:0725: rdesktop security and bug fix update (Moderate)
  • rhsa
    id RHSA-2008:0575
rpms
  • rdesktop-0:1.4.1-6
  • rdesktop-0:1.2.0-3
  • rdesktop-0:1.3.1-9
refmap via4
bid 29097
confirm
debian DSA-1573
exploit-db 5561
fedora
  • FEDORA-2008-3886
  • FEDORA-2008-3917
  • FEDORA-2008-3985
gentoo GLSA-200806-04
idefense 20080507 Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability
mandriva MDVSA-2008:101
sectrack 1019990
secunia
  • 30118
  • 30248
  • 30380
  • 30713
  • 31222
  • 31224
  • 31928
slackware SSA:2008-148-01
sunalert 240708
ubuntu USN-646-1
vupen
  • ADV-2008-1467
  • ADV-2008-2403
xf rdesktop-isorecvmsg-code-execution(42272)
Last major update 29-09-2017 - 01:30
Published 12-05-2008 - 16:20
Back to Top