ArchLinux: 201902-5: rdesktop: multiple issues

    Date12 Feb 2019
    CategoryArchLinux
    482
    Posted ByLinuxSecurity Advisories
    The package rdesktop before version 1.8.4-1 is vulnerable to multiple issues including arbitrary code execution, denial of service and information disclosure.
    Arch Linux Security Advisory ASA-201902-5
    =========================================
    
    Severity: High
    Date    : 2019-02-11
    CVE-ID  : CVE-2018-8791  CVE-2018-8792  CVE-2018-8793  CVE-2018-8794
              CVE-2018-8795  CVE-2018-8796  CVE-2018-8797  CVE-2018-8798
              CVE-2018-8799  CVE-2018-8800  CVE-2018-20174 CVE-2018-20175
              CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179
              CVE-2018-20180 CVE-2018-20181 CVE-2018-20182
    Package : rdesktop
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-871
    
    Summary
    =======
    
    The package rdesktop before version 1.8.4-1 is vulnerable to multiple
    issues including arbitrary code execution, denial of service and
    information disclosure.
    
    Resolution
    ==========
    
    Upgrade to 1.8.4-1.
    
    # pacman -Syu "rdesktop>=1.8.4-1"
    
    The problems have been fixed upstream in version 1.8.4.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2018-8791 (information disclosure)
    
    rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
    function rdpdr_process() that results in an information leak.
    
    - CVE-2018-8792 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
    function cssp_read_tsrequest() that results in a denial of service
    (segfault).
    
    - CVE-2018-8793 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
    function cssp_read_tsrequest() that results in a memory corruption and
    probably even a remote code execution.
    
    - CVE-2018-8794 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to an integer overflow that leads
    to an out-of-bounds write in function process_bitmap_updates() and
    results in a memory corruption and possibly even a remote code
    execution.
    
    - CVE-2018-8795 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to an integer overflow that leads
    to a heap-based buffer overflow in function process_bitmap_updates()
    and results in a memory corruption and probably even a remote code
    execution.
    
    - CVE-2018-8796 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
    function process_bitmap_updates() that results in a denial of service
    (segfault).
    
    - CVE-2018-8797 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
    function process_plane() that results in a memory corruption and
    probably even a remote code execution.
    
    - CVE-2018-8798 (information disclosure)
    
    rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
    function rdpsnd_process_ping() that results in an information leak.
    
    - CVE-2018-8799 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
    function process_secondary_order() that results in a denial of service
    (segfault).
    
    - CVE-2018-8800 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
    function ui_clip_handle_data() that results in a memory corruption and
    probably even a remote code execution.
    
    - CVE-2018-20174 (information disclosure)
    
    rdesktop before 1.8.4 is vulnerable to an information leak in
    ui_clip_handle_data().
    
    - CVE-2018-20175 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to denial of service in
    mcs_recv_connect_response() and mcs_parse_domain_params().
    
    - CVE-2018-20176 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to denial of service in
    sec_parse_crypt_info() and sec_recv().
    
    - CVE-2018-20177 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to a memory corruption issue in
    rdp_in_unistr() that could lead to arbitrary code execution.
    
    - CVE-2018-20178 (denial of service)
    
    rdesktop before 1.8.4 is vulnerable to denial of service in
    process_demand_active().
    
    - CVE-2018-20179 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to remote code execution in
    lspci_process().
    
    - CVE-2018-20180 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to remote code execution in
    rdpsnddbg_process().
    
    - CVE-2018-20181 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to remote code execution in
    seamless_process().
    
    - CVE-2018-20182 (arbitrary code execution)
    
    rdesktop before 1.8.4 is vulnerable to remote code execution in
    seamless_process_line().
    
    Impact
    ======
    
    A remote attacker is able to execute arbitrary code, access sensitive
    information or crash rdesktop when the client connects to a malicious
    server in control of the attacker.
    
    References
    ==========
    
    https://bugs.archlinux.org/task/61652
    https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
    https://security.archlinux.org/CVE-2018-8791
    https://security.archlinux.org/CVE-2018-8792
    https://security.archlinux.org/CVE-2018-8793
    https://security.archlinux.org/CVE-2018-8794
    https://security.archlinux.org/CVE-2018-8795
    https://security.archlinux.org/CVE-2018-8796
    https://security.archlinux.org/CVE-2018-8797
    https://security.archlinux.org/CVE-2018-8798
    https://security.archlinux.org/CVE-2018-8799
    https://security.archlinux.org/CVE-2018-8800
    https://security.archlinux.org/CVE-2018-20174
    https://security.archlinux.org/CVE-2018-20175
    https://security.archlinux.org/CVE-2018-20176
    https://security.archlinux.org/CVE-2018-20177
    https://security.archlinux.org/CVE-2018-20178
    https://security.archlinux.org/CVE-2018-20179
    https://security.archlinux.org/CVE-2018-20180
    https://security.archlinux.org/CVE-2018-20181
    https://security.archlinux.org/CVE-2018-20182
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    23
    radio
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"6","type":"x","order":"2","pct":60,"resources":[]},{"id":"86","title":"No","votes":"4","type":"x","order":"3","pct":40,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.