USN-646-1: rdesktop vulnerabilities

18 September 2008

rdesktop vulnerabilities

Releases

Packages

Details

It was discovered that rdesktop did not properly validate the length
of packet headers when processing RDP requests. If a user were tricked
into connecting to a malicious server, an attacker could cause a
denial of service or possible execute arbitrary code with the
privileges of the user. (CVE-2008-1801)

Multiple buffer overflows were discovered in rdesktop when processing
RDP redirect requests. If a user were tricked into connecting to a
malicious server, an attacker could cause a denial of service or
possible execute arbitrary code with the privileges of the user.
(CVE-2008-1802)

It was discovered that rdesktop performed a signed integer comparison
when reallocating dynamic buffers which could result in a heap-based
overflow. If a user were tricked into connecting to a malicious
server, an attacker could cause a denial of service or possible
execute arbitrary code with the privileges of the user.
(CVE-2008-1802)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04
Ubuntu 7.10
Ubuntu 7.04
Ubuntu 6.06

In general, a standard system upgrade is sufficient to effect the
necessary changes.