Arch Linux Security Advisory ASA-201902-5
========================================
Severity: High
Date    : 2019-02-11
CVE-ID  : CVE-2018-8791  CVE-2018-8792  CVE-2018-8793  CVE-2018-8794
          CVE-2018-8795  CVE-2018-8796  CVE-2018-8797  CVE-2018-8798
          CVE-2018-8799  CVE-2018-8800  CVE-2018-20174 CVE-2018-20175
          CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179
          CVE-2018-20180 CVE-2018-20181 CVE-2018-20182
Package : rdesktop
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-871

Summary
======
The package rdesktop before version 1.8.4-1 is vulnerable to multiple
issues including arbitrary code execution, denial of service and
information disclosure.

Resolution
=========
Upgrade to 1.8.4-1.

# pacman -Syu "rdesktop>=1.8.4-1"

The problems have been fixed upstream in version 1.8.4.

Workaround
=========
None.

Description
==========
- CVE-2018-8791 (information disclosure)

rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
function rdpdr_process() that results in an information leak.

- CVE-2018-8792 (denial of service)

rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
function cssp_read_tsrequest() that results in a denial of service
(segfault).

- CVE-2018-8793 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
function cssp_read_tsrequest() that results in a memory corruption and
probably even a remote code execution.

- CVE-2018-8794 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to an integer overflow that leads
to an out-of-bounds write in function process_bitmap_updates() and
results in a memory corruption and possibly even a remote code
execution.

- CVE-2018-8795 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to an integer overflow that leads
to a heap-based buffer overflow in function process_bitmap_updates()
and results in a memory corruption and probably even a remote code
execution.

- CVE-2018-8796 (denial of service)

rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
function process_bitmap_updates() that results in a denial of service
(segfault).

- CVE-2018-8797 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
function process_plane() that results in a memory corruption and
probably even a remote code execution.

- CVE-2018-8798 (information disclosure)

rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
function rdpsnd_process_ping() that results in an information leak.

- CVE-2018-8799 (denial of service)

rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
function process_secondary_order() that results in a denial of service
(segfault).

- CVE-2018-8800 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
function ui_clip_handle_data() that results in a memory corruption and
probably even a remote code execution.

- CVE-2018-20174 (information disclosure)

rdesktop before 1.8.4 is vulnerable to an information leak in
ui_clip_handle_data().

- CVE-2018-20175 (denial of service)

rdesktop before 1.8.4 is vulnerable to denial of service in
mcs_recv_connect_response() and mcs_parse_domain_params().

- CVE-2018-20176 (denial of service)

rdesktop before 1.8.4 is vulnerable to denial of service in
sec_parse_crypt_info() and sec_recv().

- CVE-2018-20177 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to a memory corruption issue in
rdp_in_unistr() that could lead to arbitrary code execution.

- CVE-2018-20178 (denial of service)

rdesktop before 1.8.4 is vulnerable to denial of service in
process_demand_active().

- CVE-2018-20179 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to remote code execution in
lspci_process().

- CVE-2018-20180 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to remote code execution in
rdpsnddbg_process().

- CVE-2018-20181 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to remote code execution in
seamless_process().

- CVE-2018-20182 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to remote code execution in
seamless_process_line().

Impact
=====
A remote attacker is able to execute arbitrary code, access sensitive
information or crash rdesktop when the client connects to a malicious
server in control of the attacker.

References
=========
https://bugs.archlinux.org/task/61652
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
https://security.archlinux.org/CVE-2018-8791
https://security.archlinux.org/CVE-2018-8792
https://security.archlinux.org/CVE-2018-8793
https://security.archlinux.org/CVE-2018-8794
https://security.archlinux.org/CVE-2018-8795
https://security.archlinux.org/CVE-2018-8796
https://security.archlinux.org/CVE-2018-8797
https://security.archlinux.org/CVE-2018-8798
https://security.archlinux.org/CVE-2018-8799
https://security.archlinux.org/CVE-2018-8800
https://security.archlinux.org/CVE-2018-20174
https://security.archlinux.org/CVE-2018-20175
https://security.archlinux.org/CVE-2018-20176
https://security.archlinux.org/CVE-2018-20177
https://security.archlinux.org/CVE-2018-20178
https://security.archlinux.org/CVE-2018-20179
https://security.archlinux.org/CVE-2018-20180
https://security.archlinux.org/CVE-2018-20181
https://security.archlinux.org/CVE-2018-20182

ArchLinux: 201902-5: rdesktop: multiple issues

February 12, 2019

Summary

- CVE-2018-8791 (information disclosure) rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in function rdpdr_process() that results in an information leak.
- CVE-2018-8792 (denial of service)
rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in function cssp_read_tsrequest() that results in a denial of service (segfault).
- CVE-2018-8793 (arbitrary code execution)
rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8794 (arbitrary code execution)
rdesktop before 1.8.4 is vulnerable to an integer overflow that leads to an out-of-bounds write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
- CVE-2018-8795 (arbitrary code execution)
rdesktop before 1.8.4 is vulnerable to an integer overflow that leads to a heap-based buffer overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
- CVE-2018-8796 (denial of service)
rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in function process_bitmap_updates() that results in a denial of service (segfault).
- CVE-2018-8797 (arbitrary code execution)
rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8798 (information disclosure)
rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in function rdpsnd_process_ping() that results in an information leak.
- CVE-2018-8799 (denial of service)
rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in function process_secondary_order() that results in a denial of service (segfault).
- CVE-2018-8800 (arbitrary code execution)
rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-20174 (information disclosure)
rdesktop before 1.8.4 is vulnerable to an information leak in ui_clip_handle_data().
- CVE-2018-20175 (denial of service)
rdesktop before 1.8.4 is vulnerable to denial of service in mcs_recv_connect_response() and mcs_parse_domain_params().
- CVE-2018-20176 (denial of service)
rdesktop before 1.8.4 is vulnerable to denial of service in sec_parse_crypt_info() and sec_recv().
- CVE-2018-20177 (arbitrary code execution)
rdesktop before 1.8.4 is vulnerable to a memory corruption issue in rdp_in_unistr() that could lead to arbitrary code execution.
- CVE-2018-20178 (denial of service)
rdesktop before 1.8.4 is vulnerable to denial of service in process_demand_active().
- CVE-2018-20179 (arbitrary code execution)
rdesktop before 1.8.4 is vulnerable to remote code execution in lspci_process().
- CVE-2018-20180 (arbitrary code execution)
rdesktop before 1.8.4 is vulnerable to remote code execution in rdpsnddbg_process().
- CVE-2018-20181 (arbitrary code execution)
rdesktop before 1.8.4 is vulnerable to remote code execution in seamless_process().
- CVE-2018-20182 (arbitrary code execution)
rdesktop before 1.8.4 is vulnerable to remote code execution in seamless_process_line().

Resolution

Upgrade to 1.8.4-1. # pacman -Syu "rdesktop>=1.8.4-1"
The problems have been fixed upstream in version 1.8.4.

References

https://bugs.archlinux.org/task/61652 https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 https://security.archlinux.org/CVE-2018-8791 https://security.archlinux.org/CVE-2018-8792 https://security.archlinux.org/CVE-2018-8793 https://security.archlinux.org/CVE-2018-8794 https://security.archlinux.org/CVE-2018-8795 https://security.archlinux.org/CVE-2018-8796 https://security.archlinux.org/CVE-2018-8797 https://security.archlinux.org/CVE-2018-8798 https://security.archlinux.org/CVE-2018-8799 https://security.archlinux.org/CVE-2018-8800 https://security.archlinux.org/CVE-2018-20174 https://security.archlinux.org/CVE-2018-20175 https://security.archlinux.org/CVE-2018-20176 https://security.archlinux.org/CVE-2018-20177 https://security.archlinux.org/CVE-2018-20178 https://security.archlinux.org/CVE-2018-20179 https://security.archlinux.org/CVE-2018-20180 https://security.archlinux.org/CVE-2018-20181 https://security.archlinux.org/CVE-2018-20182

Severity
CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798
CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175
CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179
CVE-2018-20180 CVE-2018-20181 CVE-2018-20182
Package : rdesktop
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-871

Workaround

None.

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved