Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Scientific Linux SL4.x: rdesktop Update for CVE-2008-1801 Moderate Risk

Scientific Large Esm H446
Moderate: rdesktop security and bug fix update
Date: Mon, 28 Jul 2008 16:13:49 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA for rdesktop on SL4.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: rdesktop security and bug fix update
Issue date:	2008-04-16
CVE Names:	CVE-2008-1801

An integer underflow vulnerability was discovered in the rdesktop. If an
attacker could convince a victim to connect to a malicious RDP server, the
attacker could cause the victim's rdesktop to crash or, possibly, execute
an arbitrary code. (CVE-2008-1801)

Additionally, the following bug was fixed:

A missing command line option caused rdesktop to fail when using the krdc
remote desktop utility. Using krdc to connect to a terminal server resulted
in errors such as the following:

The version of rdesktop you are using ([version]) is too old:

rdesktop [version] or greater is required. A working patch for rdesktop
[version] can be found in KDE CVS.

In this updated package, krdc successfully connects to terminal servers.

SL 4.x

 SRPMS:
rdesktop-1.3.1-9.src.rpm
 i386:
rdesktop-1.3.1-9.i386.rpm
 x86_64:
rdesktop-1.3.1-9.x86_64.rpm

-Connie Sieh
-Troy Dawson