Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1803

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1803
Last Modified 11 Oct 2011 12:00:00
Published 12 May 2008 06:20:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1803

Summary

Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher.

Vulnerable Systems

Application

  • Rdesktop 1.5.0


References

CONFIRM - http://sourceforge.net/mailarchive/message.php?msg_name=20080511065217.GA24455%40cse.unsw.EDU.AU

XF - rdesktop-xrealloc-bo(42277)

VUPEN - ADV-2008-2403

VUPEN - ADV-2008-1467

UBUNTU - USN-646-1

SECTRACK - 1019992

BID - 29097

REDHAT - RHSA-2008:0575

FEDORA - FEDORA-2008-3985

FEDORA - FEDORA-2008-3917

FEDORA - FEDORA-2008-3886

MANDRIVA - MDVSA-2008:101

DEBIAN - DSA-1573

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm

SUNALERT - 240708

GENTOO - GLSA-200806-04

SECUNIA - 31928

SECUNIA - 31224

SECUNIA - 30713

SECUNIA - 30248

SECUNIA - 30118

CONFIRM - http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/rdesktop.c?r1=1.161&r2=1.162&pathrev=HEAD

IDEFENSE - 20080507 Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability


Last Updated: 27 May 2016 10:47:40