Adsons

    ArchLinux: 201902-5: rdesktop: multiple issues

    Date12 Feb 2019
    CategoryArchLinux
    159
    Posted ByLinuxSecurity Advisories
    The package rdesktop before version 1.8.4-1 is vulnerable to multiple issues including arbitrary code execution, denial of service and information disclosure.
    Arch Linux Security Advisory ASA-201902-5
    =========================================
    
    Severity: High
    Date    : 2019-02-11
    CVE-ID  : CVE-2018-8791  CVE-2018-8792  CVE-2018-8793  CVE-2018-8794
              CVE-2018-8795  CVE-2018-8796  CVE-2018-8797  CVE-2018-8798
              CVE-2018-8799  CVE-2018-8800  CVE-2018-20174 CVE-2018-20175
              CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179
              CVE-2018-20180 CVE-2018-20181 CVE-2018-20182
    Package : rdesktop
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-871
    
    Summary
    =======
    
    The package rdesktop before version 1.8.4-1 is vulnerable to multiple
    issues including arbitrary code execution, denial of service and
    information disclosure.
    
    Resolution
    ==========
    
    Upgrade to 1.8.4-1.
    
    # pacman -Syu "rdesktop>=1.8.4-1"
    
    The problems have been fixed upstream in version 1.8.4.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2018-8791 (information disclosure)
    
    rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
    function rdpdr_process() that results in an information leak.
    
    - CVE-2018-8792 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
    function cssp_read_tsrequest() that results in a denial of service
    (segfault).
    
    - CVE-2018-8793 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
    function cssp_read_tsrequest() that results in a memory corruption and
    probably even a remote code execution.
    
    - CVE-2018-8794 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to an integer overflow that leads
    to an out-of-bounds write in function process_bitmap_updates() and
    results in a memory corruption and possibly even a remote code
    execution.
    
    - CVE-2018-8795 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to an integer overflow that leads
    to a heap-based buffer overflow in function process_bitmap_updates()
    and results in a memory corruption and probably even a remote code
    execution.
    
    - CVE-2018-8796 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
    function process_bitmap_updates() that results in a denial of service
    (segfault).
    
    - CVE-2018-8797 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
    function process_plane() that results in a memory corruption and
    probably even a remote code execution.
    
    - CVE-2018-8798 (information disclosure)
    
    rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
    function rdpsnd_process_ping() that results in an information leak.
    
    - CVE-2018-8799 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
    function process_secondary_order() that results in a denial of service
    (segfault).
    
    - CVE-2018-8800 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
    function ui_clip_handle_data() that results in a memory corruption and
    probably even a remote code execution.
    
    - CVE-2018-20174 (information disclosure)
    
    rdesktop before 1.8.4 is vulnerable to an information leak in
    ui_clip_handle_data().
    
    - CVE-2018-20175 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to denial of service in
    mcs_recv_connect_response() and mcs_parse_domain_params().
    
    - CVE-2018-20176 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to denial of service in
    sec_parse_crypt_info() and sec_recv().
    
    - CVE-2018-20177 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to a memory corruption issue in
    rdp_in_unistr() that could lead to arbitrary code execution.
    
    - CVE-2018-20178 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to denial of service in
    process_demand_active().
    
    - CVE-2018-20179 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to remote code execution in
    lspci_process().
    
    - CVE-2018-20180 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to remote code execution in
    rdpsnddbg_process().
    
    - CVE-2018-20181 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to remote code execution in
    seamless_process().
    
    - CVE-2018-20182 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to remote code execution in
    seamless_process_line().
    
    Impact
    ======
    
    A remote attacker is able to execute arbitrary code, access sensitive
    information or crash rdesktop when the client connects to a malicious
    server in control of the attacker.
    
    References
    ==========
    
    https://bugs.archlinux.org/task/61652
    https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
    https://security.archlinux.org/CVE-2018-8791
    https://security.archlinux.org/CVE-2018-8792
    https://security.archlinux.org/CVE-2018-8793
    https://security.archlinux.org/CVE-2018-8794
    https://security.archlinux.org/CVE-2018-8795
    https://security.archlinux.org/CVE-2018-8796
    https://security.archlinux.org/CVE-2018-8797
    https://security.archlinux.org/CVE-2018-8798
    https://security.archlinux.org/CVE-2018-8799
    https://security.archlinux.org/CVE-2018-8800
    https://security.archlinux.org/CVE-2018-20174
    https://security.archlinux.org/CVE-2018-20175
    https://security.archlinux.org/CVE-2018-20176
    https://security.archlinux.org/CVE-2018-20177
    https://security.archlinux.org/CVE-2018-20178
    https://security.archlinux.org/CVE-2018-20179
    https://security.archlinux.org/CVE-2018-20180
    https://security.archlinux.org/CVE-2018-20181
    https://security.archlinux.org/CVE-2018-20182
    
    

    Comments powered by CComment

    Sidebar Ad

    LinuxSecurity Poll

    Does your company/organization utilize open-source software?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    5
    radio
    bottom200