This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Rdesktop First view 2008-05-12
Product Rdesktop Last view 2019-10-30
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:rdesktop:rdesktop:1.5.0:*:*:*:*:*:*:* 23
cpe:2.3:a:rdesktop:rdesktop:1.0.0:*:*:*:*:*:*:* 20
cpe:2.3:a:rdesktop:rdesktop:1.1.0:*:*:*:*:*:*:* 20
cpe:2.3:a:rdesktop:rdesktop:1.4.0:*:*:*:*:*:*:* 20
cpe:2.3:a:rdesktop:rdesktop:1.2.0:*:*:*:*:*:*:* 20
cpe:2.3:a:rdesktop:rdesktop:1.3.0:*:*:*:*:*:*:* 20
cpe:2.3:a:rdesktop:rdesktop:1.3.1:*:*:*:*:*:*:* 20
cpe:2.3:a:rdesktop:rdesktop:1.4.1:*:*:*:*:*:*:* 20
cpe:2.3:a:rdesktop:rdesktop:1.8.4:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
7.5 2019-10-30 CVE-2019-15682

RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5

9.8 2019-03-15 CVE-2018-20182

rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.

9.8 2019-03-15 CVE-2018-20181

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.

9.8 2019-03-15 CVE-2018-20180

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.

9.8 2019-03-15 CVE-2018-20179

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.

7.5 2019-03-15 CVE-2018-20178

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).

9.8 2019-03-15 CVE-2018-20177

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.

7.5 2019-03-15 CVE-2018-20176

rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).

7.5 2019-03-15 CVE-2018-20175

rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).

7.5 2019-03-15 CVE-2018-20174

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.

9.8 2019-02-05 CVE-2018-8800

rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.

7.5 2019-02-05 CVE-2018-8799

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).

7.5 2019-02-05 CVE-2018-8798

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.

9.8 2019-02-05 CVE-2018-8797

rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.

7.5 2019-02-05 CVE-2018-8796

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).

9.8 2019-02-05 CVE-2018-8795

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.

9.8 2019-02-05 CVE-2018-8794

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.

9.8 2019-02-05 CVE-2018-8793

rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.

7.5 2019-02-05 CVE-2018-8792

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).

7.5 2019-02-05 CVE-2018-8791

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.

4.3 2011-05-24 CVE-2011-1595

Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.

9.3 2008-05-12 CVE-2008-1803

Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher.

9.3 2008-05-12 CVE-2008-1802

Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.

9.3 2008-05-12 CVE-2008-1801

Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.

CWE : Common Weakness Enumeration

%idName
35% (10) CWE-125 Out-of-bounds Read
25% (7) CWE-787 Out-of-bounds Write
10% (3) CWE-191 Integer Underflow (Wrap or Wraparound)
10% (3) CWE-190 Integer Overflow or Wraparound
7% (2) CWE-189 Numeric Errors
7% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:11570 Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allo...
oval:org.mitre.oval:def:9800 Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1....
oval:org.mitre.oval:def:7976 DSA-1573 rdesktop -- several vulnerabilities
oval:org.mitre.oval:def:20140 DSA-1573-1 rdesktop - several vulnerabilities
oval:org.mitre.oval:def:17529 USN-646-1 -- rdesktop vulnerabilities
oval:org.mitre.oval:def:21787 ELSA-2008:0575: rdesktop security update (Moderate)
oval:org.mitre.oval:def:29234 RHSA-2008:0575 -- rdesktop security update (Moderate)
oval:org.mitre.oval:def:21920 RHSA-2011:0506: rdesktop security update (Moderate)
oval:org.mitre.oval:def:13823 USN-1136-1 -- rdesktop vulnerability
oval:org.mitre.oval:def:23586 ELSA-2011:0506: rdesktop security update (Moderate)
oval:org.mitre.oval:def:27640 DEPRECATED: ELSA-2011-0506 -- rdesktop security update (moderate)

Open Source Vulnerability Database (OSVDB)

id Description
72301 rdesktop Disk Redirection Traversal Arbitrary File Manipulation
44945 rdesktop channel_process() Integer Signedness Remote Code Execution
44944 rdesktop Redirect Request process_redirect_pdu() Function BSS Section Overflow
44943 rdesktop RDP Request iso_recv_msg() Function Underflow

OpenVAS Exploits

id Description
2012-10-22 Name : Gentoo Security Advisory GLSA 201210-03 (rdesktop)
File : nvt/glsa_201210_03.nasl
2012-07-30 Name : CentOS Update for rdesktop CESA-2011:0506 centos5 x86_64
File : nvt/gb_CESA-2011_0506_rdesktop_centos5_x86_64.nasl
2011-08-09 Name : CentOS Update for rdesktop CESA-2011:0506 centos5 i386
File : nvt/gb_CESA-2011_0506_rdesktop_centos5_i386.nasl
2011-07-12 Name : Fedora Update for rdesktop FEDORA-2011-7688
File : nvt/gb_fedora_2011_7688_rdesktop_fc15.nasl
2011-06-10 Name : Fedora Update for rdesktop FEDORA-2011-7697
File : nvt/gb_fedora_2011_7697_rdesktop_fc14.nasl
2011-06-10 Name : Fedora Update for rdesktop FEDORA-2011-7694
File : nvt/gb_fedora_2011_7694_rdesktop_fc13.nasl
2011-06-03 Name : Ubuntu Update for rdesktop USN-1136-1
File : nvt/gb_ubuntu_USN_1136_1.nasl
2011-06-03 Name : Mandriva Update for rdesktop MDVSA-2011:102 (rdesktop)
File : nvt/gb_mandriva_MDVSA_2011_102.nasl
2011-05-17 Name : RedHat Update for rdesktop RHSA-2011:0506-01
File : nvt/gb_RHSA-2011_0506-01_rdesktop.nasl
2009-04-09 Name : Mandriva Update for rdesktop MDVSA-2008:101 (rdesktop)
File : nvt/gb_mandriva_MDVSA_2008_101.nasl
2009-03-23 Name : Ubuntu Update for rdesktop vulnerabilities USN-646-1
File : nvt/gb_ubuntu_USN_646_1.nasl
2009-03-06 Name : RedHat Update for rdesktop RHSA-2008:0575-01
File : nvt/gb_RHSA-2008_0575-01_rdesktop.nasl
2009-03-06 Name : RedHat Update for rdesktop RHSA-2008:0576-01
File : nvt/gb_RHSA-2008_0576-01_rdesktop.nasl
2009-03-06 Name : RedHat Update for rdesktop RHSA-2008:0725-01
File : nvt/gb_RHSA-2008_0725-01_rdesktop.nasl
2009-02-27 Name : CentOS Update for rdesktop CESA-2008:0576 centos3 x86_64
File : nvt/gb_CESA-2008_0576_rdesktop_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for rdesktop CESA-2008:0576 centos3 i386
File : nvt/gb_CESA-2008_0576_rdesktop_centos3_i386.nasl
2009-02-17 Name : Fedora Update for rdesktop FEDORA-2008-3917
File : nvt/gb_fedora_2008_3917_rdesktop_fc8.nasl
2009-02-17 Name : Fedora Update for rdesktop FEDORA-2008-3985
File : nvt/gb_fedora_2008_3985_rdesktop_fc7.nasl
2009-02-17 Name : Fedora Update for rdesktop FEDORA-2008-3886
File : nvt/gb_fedora_2008_3886_rdesktop_fc9.nasl
2009-01-23 Name : SuSE Update for openwsman SUSE-SA:2008:041
File : nvt/gb_suse_2008_041.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200806-04 (rdesktop)
File : nvt/glsa_200806_04.nasl
2008-05-27 Name : Debian Security Advisory DSA 1573-1 (rdesktop)
File : nvt/deb_1573_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2011-110-01 rdesktop
File : nvt/esoft_slk_ssa_2011_110_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-148-01 rdesktop
File : nvt/esoft_slk_ssa_2008_148_01.nasl

Snort® IPS/IDS

Date Description
2019-09-24 Rdesktop process_redirect_pdu BSS overflow attempt
RuleID : 51220 - Type : OS-LINUX - Revision : 1

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_rdesktop-110512.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_rdesktop-110512.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2008-0576.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2011-0506.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2008-0575.nasl - Type: ACT_GATHER_INFO
2012-10-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201210-03.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20110511_rdesktop_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20080724_rdesktop_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20080724_rdesktop_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20080416_rdesktop_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2011-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_rdesktop-7525.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1136-1.nasl - Type: ACT_GATHER_INFO
2011-06-09 Name: The remote Fedora host is missing a security update.
File: fedora_2011-7694.nasl - Type: ACT_GATHER_INFO
2011-06-09 Name: The remote Fedora host is missing a security update.
File: fedora_2011-7697.nasl - Type: ACT_GATHER_INFO
2011-06-06 Name: The remote Fedora host is missing a security update.
File: fedora_2011-7688.nasl - Type: ACT_GATHER_INFO
2011-05-31 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2011-102.nasl - Type: ACT_GATHER_INFO
2011-05-25 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_rdesktop-110512.nasl - Type: ACT_GATHER_INFO
2011-05-12 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2011-0506.nasl - Type: ACT_GATHER_INFO
2011-05-12 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-0506.nasl - Type: ACT_GATHER_INFO
2011-04-22 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2011-110-01.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2008-0575.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2008-101.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-646-1.nasl - Type: ACT_GATHER_INFO
2008-08-15 Name: The remote openSUSE host is missing a security update.
File: suse_rdesktop-5271.nasl - Type: ACT_GATHER_INFO
2008-08-14 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_rdesktop-5272.nasl - Type: ACT_GATHER_INFO