ID CVE-2008-1801
Summary Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
References
Vulnerable Configurations
  • rdesktop 1.5.0
    cpe:2.3:a:rdesktop:rdesktop:1.5.0
CVSS
Base: 9.3 (as of 12-05-2008 - 13:04)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
exploit-db via4
id EDB-ID:5561
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0725.NASL
    description Updated rdesktop packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. rdesktop is an open source client for Microsoft Windows NT Terminal Server and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively using the Remote Desktop Protocol (RDP) to present the user's NT desktop. No additional server extensions are required. An integer underflow vulnerability was discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801) Additionally, the following bug was fixed : A missing command line option caused rdesktop to fail when using the krdc remote desktop utility. Using krdc to connect to a terminal server resulted in errors such as the following : The version of rdesktop you are using ([version]) is too old : rdesktop [version] or greater is required. A working patch for rdesktop [version] can be found in KDE CVS. In this updated package, krdc successfully connects to terminal servers. Users of rdesktop should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33584
    published 2008-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33584
    title RHEL 4 : rdesktop (RHSA-2008:0725)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0576.NASL
    description From Red Hat Security Advisory 2008:0576 : Updated rdesktop packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. rdesktop is an open source client for Microsoft Windows NT Terminal Server and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively using the Remote Desktop Protocol (RDP) to present the user's NT desktop. No additional server extensions are required. An integer underflow vulnerability was discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801) Users of rdesktop should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67720
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67720
    title Oracle Linux 3 : rdesktop (ELSA-2008-0576)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080416_RDESKTOP_ON_SL4_X.NASL
    description An integer underflow vulnerability was discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801) Additionally, the following bug was fixed : A missing command line option caused rdesktop to fail when using the krdc remote desktop utility. Using krdc to connect to a terminal server resulted in errors such as the following : The version of rdesktop you are using ([version]) is too old : rdesktop [version] or greater is required. A working patch for rdesktop [version] can be found in KDE CVS. In this updated package, krdc successfully connects to terminal servers.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60384
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60384
    title Scientific Linux Security Update : rdesktop on SL4.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0576.NASL
    description Updated rdesktop packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. rdesktop is an open source client for Microsoft Windows NT Terminal Server and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively using the Remote Desktop Protocol (RDP) to present the user's NT desktop. No additional server extensions are required. An integer underflow vulnerability was discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801) Users of rdesktop should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33735
    published 2008-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33735
    title CentOS 3 : rdesktop (CESA-2008:0576)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-148-01.NASL
    description New rdesktop packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix a security issue caused by using rdesktop to connect to a malicious or compromised RDP server.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 32446
    published 2008-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32446
    title Slackware 11.0 / 12.0 / 12.1 / current : rdesktop (SSA:2008-148-01)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080724_RDESKTOP_ON_SL3_X.NASL
    description An integer underflow vulnerability was discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60453
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60453
    title Scientific Linux Security Update : rdesktop on SL3.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0576.NASL
    description Updated rdesktop packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. rdesktop is an open source client for Microsoft Windows NT Terminal Server and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively using the Remote Desktop Protocol (RDP) to present the user's NT desktop. No additional server extensions are required. An integer underflow vulnerability was discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801) Users of rdesktop should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33579
    published 2008-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33579
    title RHEL 3 : rdesktop (RHSA-2008:0576)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3917.NASL
    description - Tue May 13 2008 Soren Sandmann - 1.6.0-1 - Update to 1.6.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 32343
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32343
    title Fedora 8 : rdesktop-1.6.0-1.fc8 (2008-3917)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3985.NASL
    description - Tue May 13 2008 Soren Sandmann - 1.6.0-1 - Update to 1.6.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 32349
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32349
    title Fedora 7 : rdesktop-1.6.0-1.fc7 (2008-3985)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1573.NASL
    description Several remote vulnerabilities have been discovered in rdesktop, a Remote Desktop Protocol client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1801 Remote exploitation of an integer underflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. - CVE-2008-1802 Remote exploitation of a BSS overflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. - CVE-2008-1803 Remote exploitation of an integer signedness vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32307
    published 2008-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32307
    title Debian DSA-1573-1 : rdesktop - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RDESKTOP-5271.NASL
    description Multiple problems have been fixed in rdesktop. CVE-2008-1801, CVE-2008-1802 and CVE-2008-1803 have been assigned to this issue.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 33898
    published 2008-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33898
    title openSUSE 10 Security Update : rdesktop (rdesktop-5271)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RDESKTOP-5272.NASL
    description Multiple problems have been fixed in rdesktop. CVE-2008-1801 / CVE-2008-1802 / CVE-2008-1803 have been assigned to this issue.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 33889
    published 2008-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33889
    title SuSE 10 Security Update : rdesktop (ZYPP Patch Number 5272)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3886.NASL
    description - Tue May 13 2008 Soren Sandmann - 1.6.0-1 - Update to 1.6.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 32338
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32338
    title Fedora 9 : rdesktop-1.6.0-1.fc9 (2008-3886)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-646-1.NASL
    description It was discovered that rdesktop did not properly validate the length of packet headers when processing RDP requests. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user. (CVE-2008-1801) Multiple buffer overflows were discovered in rdesktop when processing RDP redirect requests. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user. (CVE-2008-1802) It was discovered that rdesktop performed a signed integer comparison when reallocating dynamic buffers which could result in a heap-based overflow. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user. (CVE-2008-1802). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38000
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38000
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : rdesktop vulnerabilities (USN-646-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0575.NASL
    description From Red Hat Security Advisory 2008:0575 : An updated rdesktop package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. rdesktop is an open source client for Microsoft Windows NT Terminal Server and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively using the Remote Desktop Protocol (RDP) to present the user's NT desktop. No additional server extensions are required. An integer underflow and integer signedness issue were discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801, CVE-2008-1803) Users of rdesktop should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67719
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67719
    title Oracle Linux 5 : rdesktop (ELSA-2008-0575)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200806-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-200806-04 (rdesktop: Multiple vulnerabilities) An anonymous researcher reported multiple vulnerabilities in rdesktop via iDefense Labs: An integer underflow error exists in the function iso_recv_msg() in the file iso.c which can be triggered via a specially crafted RDP request, causing a heap-based buffer overflow (CVE-2008-1801). An input validation error exists in the function process_redirect_pdu() in the file rdp.c which can be triggered via a specially crafted RDP redirect request, causing a BSS-based buffer overflow (CVE-2008-1802). An integer signedness error exists in the function xrealloc() in the file rdesktop.c which can be exploited to cause a heap-based buffer overflow (CVE-2008-1803). Impact : An attacker could exploit these vulnerabilities by enticing a user to connect to a malicious RDP server thereby allowing the attacker to execute arbitrary code or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 33189
    published 2008-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33189
    title GLSA-200806-04 : rdesktop: Multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080724_RDESKTOP_ON_SL5_X.NASL
    description An integer underflow and integer signedness issue were discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801, CVE-2008-1803)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60454
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60454
    title Scientific Linux Security Update : rdesktop on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0575.NASL
    description An updated rdesktop package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. rdesktop is an open source client for Microsoft Windows NT Terminal Server and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively using the Remote Desktop Protocol (RDP) to present the user's NT desktop. No additional server extensions are required. An integer underflow and integer signedness issue were discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801, CVE-2008-1803) Users of rdesktop should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33578
    published 2008-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33578
    title RHEL 5 : rdesktop (RHSA-2008:0575)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-101.NASL
    description Several vulnerabilities were discovered in rdesktop, a Remote Desktop Protocol client. An integer underflow vulnerability allowed attackers to cause a denial of service (crash) and possibly execute arbitrary code with the privileges of the logged-in user (CVE-2008-1801). A buffer overflow vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user (CVE-2008-1802). An integer signedness vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user (CVE-2008-1803). In order for these vulnerabilities to be exploited, an attacker must persuade a targeted user to connect to a malicious RDP server. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37563
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37563
    title Mandriva Linux Security Advisory : rdesktop (MDVSA-2008:101)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0575.NASL
    description An updated rdesktop package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. rdesktop is an open source client for Microsoft Windows NT Terminal Server and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively using the Remote Desktop Protocol (RDP) to present the user's NT desktop. No additional server extensions are required. An integer underflow and integer signedness issue were discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801, CVE-2008-1803) Users of rdesktop should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43696
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43696
    title CentOS 5 : rdesktop (CESA-2008:0575)
oval via4
accepted 2013-04-29T04:14:45.530-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
family unix
id oval:org.mitre.oval:def:11570
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
version 24
packetstorm via4
data source https://packetstormsecurity.com/files/download/66184/rdesktop-underflow.txt
id PACKETSTORM:66184
last seen 2016-12-05
published 2008-05-09
reporter Guido Landi
source https://packetstormsecurity.com/files/66184/rdesktop-underflow.txt.html
title rdesktop-underflow.txt
redhat via4
advisories
  • bugzilla
    id 445825
    title CVE-2008-1801 rdesktop: iso_recv_msg() Integer Underflow Vulnerability
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • comment rdesktop is earlier than 0:1.2.0-3
      oval oval:com.redhat.rhsa:tst:20080576002
    • comment rdesktop is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20080576003
    rhsa
    id RHSA-2008:0576
    released 2008-07-24
    severity Moderate
    title RHSA-2008:0576: rdesktop security update (Moderate)
  • bugzilla
    id 445825
    title CVE-2008-1801 rdesktop: iso_recv_msg() Integer Underflow Vulnerability
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment rdesktop is earlier than 0:1.3.1-9
      oval oval:com.redhat.rhsa:tst:20080725002
    • comment rdesktop is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20080576003
    rhsa
    id RHSA-2008:0725
    released 2008-04-16
    severity Moderate
    title RHSA-2008:0725: rdesktop security and bug fix update (Moderate)
  • rhsa
    id RHSA-2008:0575
rpms
  • rdesktop-0:1.4.1-6
  • rdesktop-0:1.2.0-3
  • rdesktop-0:1.3.1-9
refmap via4
bid 29097
confirm
debian DSA-1573
exploit-db 5561
fedora
  • FEDORA-2008-3886
  • FEDORA-2008-3917
  • FEDORA-2008-3985
gentoo GLSA-200806-04
idefense 20080507 Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability
mandriva MDVSA-2008:101
sectrack 1019990
secunia
  • 30118
  • 30248
  • 30380
  • 30713
  • 31222
  • 31224
  • 31928
slackware SSA:2008-148-01
sunalert 240708
ubuntu USN-646-1
vupen
  • ADV-2008-1467
  • ADV-2008-2403
xf rdesktop-isorecvmsg-code-execution(42272)
Last major update 07-03-2011 - 22:07
Published 12-05-2008 - 12:20
Last modified 28-09-2017 - 21:30