What Are You Looking For?

Sign Up
Date:         Mon, 28 Jul 2008 16:13:49 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for rdesktop on SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: rdesktop security and bug fix update
Issue date:	2008-04-16
CVE Names:	CVE-2008-1801

An integer underflow vulnerability was discovered in the rdesktop. If an
attacker could convince a victim to connect to a malicious RDP server, the
attacker could cause the victim's rdesktop to crash or, possibly, execute
an arbitrary code. (CVE-2008-1801)

Additionally, the following bug was fixed:

A missing command line option caused rdesktop to fail when using the krdc
remote desktop utility. Using krdc to connect to a terminal server resulted
in errors such as the following:

The version of rdesktop you are using ([version]) is too old:

rdesktop [version] or greater is required. A working patch for rdesktop
[version] can be found in KDE CVS.

In this updated package, krdc successfully connects to terminal servers.

SL 4.x

    SRPMS:
rdesktop-1.3.1-9.src.rpm
    i386:
rdesktop-1.3.1-9.i386.rpm
    x86_64:
rdesktop-1.3.1-9.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2008-1801 rdesktop SL4.x i386/x86_64

Moderate: rdesktop security and bug fix update

Summary

Date:         Mon, 28 Jul 2008 16:13:49 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA for rdesktop on SL4.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Moderate: rdesktop security and bug fix updateIssue date:	2008-04-16CVE Names:	CVE-2008-1801An integer underflow vulnerability was discovered in the rdesktop. If anattacker could convince a victim to connect to a malicious RDP server, theattacker could cause the victim's rdesktop to crash or, possibly, executean arbitrary code. (CVE-2008-1801)Additionally, the following bug was fixed:A missing command line option caused rdesktop to fail when using the krdcremote desktop utility. Using krdc to connect to a terminal server resultedin errors such as the following:The version of rdesktop you are using ([version]) is too old:rdesktop [version] or greater is required. A working patch for rdesktop[version] can be found in KDE CVS.In this updated package, krdc successfully connects to terminal servers.SL 4.x    SRPMS:rdesktop-1.3.1-9.src.rpm    i386:rdesktop-1.3.1-9.i386.rpm    x86_64:rdesktop-1.3.1-9.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo