Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2008-1803 | First vendor Publication | 2008-05-12 |
Vendor | Cve | Last vendor Modification | 2017-09-29 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1803 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17529 | |||
Oval ID: | oval:org.mitre.oval:def:17529 | ||
Title: | USN-646-1 -- rdesktop vulnerabilities | ||
Description: | It was discovered that rdesktop did not properly validate the length of packet headers when processing RDP requests. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-646-1 CVE-2008-1801 CVE-2008-1802 CVE-2008-1803 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | rdesktop |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20140 | |||
Oval ID: | oval:org.mitre.oval:def:20140 | ||
Title: | DSA-1573-1 rdesktop - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in rdesktop, a Remote Desktop Protocol client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1573-1 CVE-2008-1801 CVE-2008-1802 CVE-2008-1803 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | rdesktop |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21787 | |||
Oval ID: | oval:org.mitre.oval:def:21787 | ||
Title: | ELSA-2008:0575: rdesktop security update (Moderate) | ||
Description: | Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0575-01 CVE-2008-1801 CVE-2008-1803 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | rdesktop |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29234 | |||
Oval ID: | oval:org.mitre.oval:def:29234 | ||
Title: | RHSA-2008:0575 -- rdesktop security update (Moderate) | ||
Description: | An updated rdesktop package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. rdesktop is an open source client for Microsoft Windows NT Terminal Server and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively using the Remote Desktop Protocol (RDP) to present the user's NT desktop. No additional server extensions are required. An integer underflow and integer signedness issue were discovered in the rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute an arbitrary code. (CVE-2008-1801, CVE-2008-1803) Users of rdesktop should upgrade to these updated packages, which contain a backported patches to resolve these issues. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0575 CESA-2008:0575-CentOS 5 CVE-2008-1801 CVE-2008-1803 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | rdesktop |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7976 | |||
Oval ID: | oval:org.mitre.oval:def:7976 | ||
Title: | DSA-1573 rdesktop -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in rdesktop, a Remote Desktop Protocol client. The Common Vulnerabilities and Exposures project identifies the following problems: Remote exploitation of an integer underflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of a BSS overflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of an integer signedness vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1573 CVE-2008-1801 CVE-2008-1802 CVE-2008-1803 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | rdesktop |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9800 | |||
Oval ID: | oval:org.mitre.oval:def:9800 | ||
Title: | Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. | ||
Description: | Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1803 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for rdesktop MDVSA-2008:101 (rdesktop) File : nvt/gb_mandriva_MDVSA_2008_101.nasl |
2009-03-23 | Name : Ubuntu Update for rdesktop vulnerabilities USN-646-1 File : nvt/gb_ubuntu_USN_646_1.nasl |
2009-03-06 | Name : RedHat Update for rdesktop RHSA-2008:0575-01 File : nvt/gb_RHSA-2008_0575-01_rdesktop.nasl |
2009-02-17 | Name : Fedora Update for rdesktop FEDORA-2008-3886 File : nvt/gb_fedora_2008_3886_rdesktop_fc9.nasl |
2009-02-17 | Name : Fedora Update for rdesktop FEDORA-2008-3917 File : nvt/gb_fedora_2008_3917_rdesktop_fc8.nasl |
2009-02-17 | Name : Fedora Update for rdesktop FEDORA-2008-3985 File : nvt/gb_fedora_2008_3985_rdesktop_fc7.nasl |
2009-01-23 | Name : SuSE Update for openwsman SUSE-SA:2008:041 File : nvt/gb_suse_2008_041.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-04 (rdesktop) File : nvt/glsa_200806_04.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1573-1 (rdesktop) File : nvt/deb_1573_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44945 | rdesktop channel_process() Integer Signedness Remote Code Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0575.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20080724_rdesktop_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0575.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2008-101.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-646-1.nasl - Type : ACT_GATHER_INFO |
2008-08-15 | Name : The remote openSUSE host is missing a security update. File : suse_rdesktop-5271.nasl - Type : ACT_GATHER_INFO |
2008-08-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_rdesktop-5272.nasl - Type : ACT_GATHER_INFO |
2008-07-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0575.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200806-04.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3886.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3917.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3985.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1573.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:07:24 |
|
2021-04-22 01:07:48 |
|
2020-05-23 00:21:34 |
|
2017-09-29 09:23:30 |
|
2017-08-08 09:24:01 |
|
2016-04-26 17:19:01 |
|
2014-02-17 10:44:39 |
|
2013-05-11 00:15:03 |
|