Mandriva Linux Security Advisory : rdesktop (MDVSA-2008:101)

Severity: High, Nessus Plugin ID: 37563

Synopsis

The remote Mandriva Linux host is missing a security update.

Description

Several vulnerabilities were discovered in rdesktop, a Remote Desktop Protocol client.

An integer underflow vulnerability allowed attackers to cause a denial of service (crash) and possibly execute arbitrary code with the privileges of the logged-in user (CVE-2008-1801).

A buffer overflow vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user (CVE-2008-1802).

An integer signedness vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user (CVE-2008-1803).

In order for these vulnerabilities to be exploited, an attacker must persuade a targeted user to connect to a malicious RDP server.

The updated packages have been patched to correct these issues.

Solution

Update the affected rdesktop package.

Plugin Details

Severity: High

ID: 37563

File Name: mandriva_MDVSA-2008-101.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:rdesktop, cpe:/o:mandriva:linux:2007.1, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 5/16/2008

Reference Information

CVE: CVE-2008-1801, CVE-2008-1802, CVE-2008-1803

CWE: 119, 189

MDVSA: 2008:101