Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200806-04 ] rdesktop: Multiple vulnerabilities
Date: Sat, 14 Jun 2008 19:13:55
Message-Id: 485418C5.3030905@gentoo.org
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
5 Gentoo Linux Security Advisory GLSA 200806-04
6 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7 http://security.gentoo.org/
8 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9
10 Severity: Normal
11 Title: rdesktop: Multiple vulnerabilities
12 Date: June 14, 2008
13 Bugs: #220911
14 ID: 200806-04
15
16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
17
18 Synopsis
19 ========
20
21 Multiple vulnerabilities in rdesktop may lead to the execution of
22 arbitrary code or a Denial of Service.
23
24 Background
25 ==========
26
27 rdesktop is an open source Remote Desktop Protocol (RDP) client.
28
29 Affected packages
30 =================
31
32 -------------------------------------------------------------------
33 Package / Vulnerable / Unaffected
34 -------------------------------------------------------------------
35 1 net-misc/rdesktop < 1.6.0 >= 1.6.0
36
37 Description
38 ===========
39
40 An anonymous researcher reported multiple vulnerabilities in rdesktop
41 via iDefense Labs:
42
43 * An integer underflow error exists in the function iso_recv_msg() in
44 the file iso.c which can be triggered via a specially crafted RDP
45 request, causing a heap-based buffer overflow (CVE-2008-1801).
46
47 * An input validation error exists in the function
48 process_redirect_pdu() in the file rdp.c which can be triggered via a
49 specially crafted RDP redirect request, causing a BSS-based buffer
50 overflow (CVE-2008-1802).
51
52 * An integer signedness error exists in the function xrealloc() in
53 the file rdesktop.c which can be be exploited to cause a heap-based
54 buffer overflow (CVE-2008-1803).
55
56 Impact
57 ======
58
59 An attacker could exploit these vulnerabilities by enticing a user to
60 connect to a malicious RDP server thereby allowing the attacker to
61 execute arbitrary code or cause a Denial of Service.
62
63 Workaround
64 ==========
65
66 There is no known workaround at this time.
67
68 Resolution
69 ==========
70
71 All rdesktop users should upgrade to the latest version:
72
73 # emerge --sync
74 # emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.6.0"
75
76 References
77 ==========
78
79 [ 1 ] CVE-2008-1801
80 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
81 [ 2 ] CVE-2008-1802
82 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802
83 [ 3 ] CVE-2008-1803
84 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1803
85
86 Availability
87 ============
88
89 This GLSA and any updates to it are available for viewing at
90 the Gentoo Security Website:
91
92 http://security.gentoo.org/glsa/glsa-200806-04.xml
93
94 Concerns?
95 =========
96
97 Security is a primary focus of Gentoo Linux and ensuring the
98 confidentiality and security of our users machines is of utmost
99 importance to us. Any security concerns should be addressed to
100 security@g.o or alternatively, you may file a bug at
101 http://bugs.gentoo.org.
102
103 License
104 =======
105
106 Copyright 2008 Gentoo Foundation, Inc; referenced text
107 belongs to its owner(s).
108
109 The contents of this document are licensed under the
110 Creative Commons - Attribution / Share Alike license.
111
112 http://creativecommons.org/licenses/by-sa/2.5
113 -----BEGIN PGP SIGNATURE-----
114 Version: GnuPG v2.0.7 (GNU/Linux)
115 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
116
117 iD8DBQFIVBjEuhJ+ozIKI5gRAk9/AJ9XFUHlPPvGre9hf8j4Xu07Cxus1ACdEyVZ
118 FC+fK8NQn/BfV4zsu9ooARo=
119 =u6DV
120 -----END PGP SIGNATURE-----
121 --
122 gentoo-announce@l.g.o mailing list