Summary
Detail | |||
---|---|---|---|
Vendor | Rdesktop | First view | 2008-05-12 |
Product | Rdesktop | Last view | 2019-10-30 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2019-10-30 | CVE-2019-15682 | RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5 |
9.8 | 2019-03-15 | CVE-2018-20182 | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. |
9.8 | 2019-03-15 | CVE-2018-20181 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. |
9.8 | 2019-03-15 | CVE-2018-20180 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. |
9.8 | 2019-03-15 | CVE-2018-20179 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. |
7.5 | 2019-03-15 | CVE-2018-20178 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). |
9.8 | 2019-03-15 | CVE-2018-20177 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. |
7.5 | 2019-03-15 | CVE-2018-20176 | rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault). |
7.5 | 2019-03-15 | CVE-2018-20175 | rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). |
7.5 | 2019-03-15 | CVE-2018-20174 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. |
9.8 | 2019-02-05 | CVE-2018-8800 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. |
7.5 | 2019-02-05 | CVE-2018-8799 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). |
7.5 | 2019-02-05 | CVE-2018-8798 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. |
9.8 | 2019-02-05 | CVE-2018-8797 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. |
7.5 | 2019-02-05 | CVE-2018-8796 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). |
9.8 | 2019-02-05 | CVE-2018-8795 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution. |
9.8 | 2019-02-05 | CVE-2018-8794 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution. |
9.8 | 2019-02-05 | CVE-2018-8793 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. |
7.5 | 2019-02-05 | CVE-2018-8792 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). |
7.5 | 2019-02-05 | CVE-2018-8791 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. |
4.3 | 2011-05-24 | CVE-2011-1595 | Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname. |
9.3 | 2008-05-12 | CVE-2008-1803 | Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. |
9.3 | 2008-05-12 | CVE-2008-1802 | Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields. |
9.3 | 2008-05-12 | CVE-2008-1801 | Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
35% (10) | CWE-125 | Out-of-bounds Read |
25% (7) | CWE-787 | Out-of-bounds Write |
10% (3) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
10% (3) | CWE-190 | Integer Overflow or Wraparound |
7% (2) | CWE-189 | Numeric Errors |
7% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
3% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:11570 | Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allo... |
oval:org.mitre.oval:def:9800 | Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.... |
oval:org.mitre.oval:def:7976 | DSA-1573 rdesktop -- several vulnerabilities |
oval:org.mitre.oval:def:20140 | DSA-1573-1 rdesktop - several vulnerabilities |
oval:org.mitre.oval:def:17529 | USN-646-1 -- rdesktop vulnerabilities |
oval:org.mitre.oval:def:21787 | ELSA-2008:0575: rdesktop security update (Moderate) |
oval:org.mitre.oval:def:29234 | RHSA-2008:0575 -- rdesktop security update (Moderate) |
oval:org.mitre.oval:def:21920 | RHSA-2011:0506: rdesktop security update (Moderate) |
oval:org.mitre.oval:def:13823 | USN-1136-1 -- rdesktop vulnerability |
oval:org.mitre.oval:def:23586 | ELSA-2011:0506: rdesktop security update (Moderate) |
oval:org.mitre.oval:def:27640 | DEPRECATED: ELSA-2011-0506 -- rdesktop security update (moderate) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
72301 | rdesktop Disk Redirection Traversal Arbitrary File Manipulation |
44945 | rdesktop channel_process() Integer Signedness Remote Code Execution |
44944 | rdesktop Redirect Request process_redirect_pdu() Function BSS Section Overflow |
44943 | rdesktop RDP Request iso_recv_msg() Function Underflow |
OpenVAS Exploits
id | Description |
---|---|
2012-10-22 | Name : Gentoo Security Advisory GLSA 201210-03 (rdesktop) File : nvt/glsa_201210_03.nasl |
2012-07-30 | Name : CentOS Update for rdesktop CESA-2011:0506 centos5 x86_64 File : nvt/gb_CESA-2011_0506_rdesktop_centos5_x86_64.nasl |
2011-08-09 | Name : CentOS Update for rdesktop CESA-2011:0506 centos5 i386 File : nvt/gb_CESA-2011_0506_rdesktop_centos5_i386.nasl |
2011-07-12 | Name : Fedora Update for rdesktop FEDORA-2011-7688 File : nvt/gb_fedora_2011_7688_rdesktop_fc15.nasl |
2011-06-10 | Name : Fedora Update for rdesktop FEDORA-2011-7697 File : nvt/gb_fedora_2011_7697_rdesktop_fc14.nasl |
2011-06-10 | Name : Fedora Update for rdesktop FEDORA-2011-7694 File : nvt/gb_fedora_2011_7694_rdesktop_fc13.nasl |
2011-06-03 | Name : Ubuntu Update for rdesktop USN-1136-1 File : nvt/gb_ubuntu_USN_1136_1.nasl |
2011-06-03 | Name : Mandriva Update for rdesktop MDVSA-2011:102 (rdesktop) File : nvt/gb_mandriva_MDVSA_2011_102.nasl |
2011-05-17 | Name : RedHat Update for rdesktop RHSA-2011:0506-01 File : nvt/gb_RHSA-2011_0506-01_rdesktop.nasl |
2009-04-09 | Name : Mandriva Update for rdesktop MDVSA-2008:101 (rdesktop) File : nvt/gb_mandriva_MDVSA_2008_101.nasl |
2009-03-23 | Name : Ubuntu Update for rdesktop vulnerabilities USN-646-1 File : nvt/gb_ubuntu_USN_646_1.nasl |
2009-03-06 | Name : RedHat Update for rdesktop RHSA-2008:0575-01 File : nvt/gb_RHSA-2008_0575-01_rdesktop.nasl |
2009-03-06 | Name : RedHat Update for rdesktop RHSA-2008:0576-01 File : nvt/gb_RHSA-2008_0576-01_rdesktop.nasl |
2009-03-06 | Name : RedHat Update for rdesktop RHSA-2008:0725-01 File : nvt/gb_RHSA-2008_0725-01_rdesktop.nasl |
2009-02-27 | Name : CentOS Update for rdesktop CESA-2008:0576 centos3 x86_64 File : nvt/gb_CESA-2008_0576_rdesktop_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for rdesktop CESA-2008:0576 centos3 i386 File : nvt/gb_CESA-2008_0576_rdesktop_centos3_i386.nasl |
2009-02-17 | Name : Fedora Update for rdesktop FEDORA-2008-3917 File : nvt/gb_fedora_2008_3917_rdesktop_fc8.nasl |
2009-02-17 | Name : Fedora Update for rdesktop FEDORA-2008-3985 File : nvt/gb_fedora_2008_3985_rdesktop_fc7.nasl |
2009-02-17 | Name : Fedora Update for rdesktop FEDORA-2008-3886 File : nvt/gb_fedora_2008_3886_rdesktop_fc9.nasl |
2009-01-23 | Name : SuSE Update for openwsman SUSE-SA:2008:041 File : nvt/gb_suse_2008_041.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-04 (rdesktop) File : nvt/glsa_200806_04.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1573-1 (rdesktop) File : nvt/deb_1573_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-110-01 rdesktop File : nvt/esoft_slk_ssa_2011_110_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-148-01 rdesktop File : nvt/esoft_slk_ssa_2008_148_01.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2019-09-24 | Rdesktop process_redirect_pdu BSS overflow attempt RuleID : 51220 - Type : OS-LINUX - Revision : 1 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_rdesktop-110512.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_rdesktop-110512.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2008-0576.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2011-0506.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2008-0575.nasl - Type: ACT_GATHER_INFO |
2012-10-19 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201210-03.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20110511_rdesktop_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20080724_rdesktop_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20080724_rdesktop_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20080416_rdesktop_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2011-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_rdesktop-7525.nasl - Type: ACT_GATHER_INFO |
2011-06-13 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1136-1.nasl - Type: ACT_GATHER_INFO |
2011-06-09 | Name: The remote Fedora host is missing a security update. File: fedora_2011-7694.nasl - Type: ACT_GATHER_INFO |
2011-06-09 | Name: The remote Fedora host is missing a security update. File: fedora_2011-7697.nasl - Type: ACT_GATHER_INFO |
2011-06-06 | Name: The remote Fedora host is missing a security update. File: fedora_2011-7688.nasl - Type: ACT_GATHER_INFO |
2011-05-31 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2011-102.nasl - Type: ACT_GATHER_INFO |
2011-05-25 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_rdesktop-110512.nasl - Type: ACT_GATHER_INFO |
2011-05-12 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2011-0506.nasl - Type: ACT_GATHER_INFO |
2011-05-12 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2011-0506.nasl - Type: ACT_GATHER_INFO |
2011-04-22 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2011-110-01.nasl - Type: ACT_GATHER_INFO |
2010-01-06 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2008-0575.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2008-101.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-646-1.nasl - Type: ACT_GATHER_INFO |
2008-08-15 | Name: The remote openSUSE host is missing a security update. File: suse_rdesktop-5271.nasl - Type: ACT_GATHER_INFO |
2008-08-14 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_rdesktop-5272.nasl - Type: ACT_GATHER_INFO |