CVE-2008-1803

Published: 12 May 2008

Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher.

Priority

Status

Package	Release	Status
rdesktop Launchpad, Ubuntu, Debian	dapper	Released (1.4.1-1.1ubuntu0.6.06.1)
	feisty	Released (1.5.0-1ubuntu1.1)
	gutsy	Released (1.5.0-2ubuntu0.1)
	hardy	Released (1.5.0-3+cvs20071006ubuntu0.1)
	upstream	Released (1.5.0-4+cvs20071006)
	Patches: vendor: http://www.debian.org/security/2008/dsa-1573

References

https://ubuntu.com/security/notices/USN-646-1
https://www.cve.org/CVERecord?id=CVE-2008-1803
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/rdesktop/+bug/228193

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›