LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: rdesktop vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that rdesktop did not properly validate the length of packet headers when processing RDP requests. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possible execute arbitrary code with the privileges of the user. (CVE-2008-1801)
=========================================================== 
Ubuntu Security Notice USN-646-1         September 18, 2008
rdesktop vulnerabilities
CVE-2008-1801, CVE-2008-1802, CVE-2008-1803
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  rdesktop                        1.4.1-1.1ubuntu0.6.06.1

Ubuntu 7.04:
  rdesktop                        1.5.0-1ubuntu1.1

Ubuntu 7.10:
  rdesktop                        1.5.0-2ubuntu0.1

Ubuntu 8.04 LTS:
  rdesktop                        1.5.0-3+cvs20071006ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that rdesktop did not properly validate the length
of packet headers when processing RDP requests. If a user were tricked
into connecting to a malicious server, an attacker could cause a
denial of service or possible execute arbitrary code with the
privileges of the user. (CVE-2008-1801)

Multiple buffer overflows were discovered in rdesktop when processing
RDP redirect requests. If a user were tricked into connecting to a
malicious server, an attacker could cause a denial of service or
possible execute arbitrary code with the privileges of the user.
(CVE-2008-1802)

It was discovered that rdesktop performed a signed integer comparison
when reallocating dynamic buffers which could result in a heap-based
overflow. If a user were tricked into connecting to a malicious
server, an attacker could cause a denial of service or possible
execute arbitrary code with the privileges of the user.
(CVE-2008-1802)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.4.1-1.1ubuntu0.6.06.1.diff.gz
      Size/MD5:    11833 02d252fcd49c4645b3e716d856d1c415
    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.4.1-1.1ubuntu0.6.06.1.dsc
      Size/MD5:      652 ef3291adc58f0a7cb13a611b4f0a2121
    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.4.1.orig.tar.gz
      Size/MD5:   218413 ce6b2369d633128ff00a2a8ae7c18ef8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.4.1-1.1ubuntu0.6.06.1_amd64.deb
      Size/MD5:   111972 aa37f6bbd6e6aef1c522fbdb856b0f88

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.4.1-1.1ubuntu0.6.06.1_i386.deb
      Size/MD5:   101116 c763412c9df04d92d96ac35d3b1da461

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.4.1-1.1ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   119686 a04bf8dfa52a4b9345c0768174c4fe5f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.4.1-1.1ubuntu0.6.06.1_sparc.deb
      Size/MD5:   108374 f93183194eb83d0d303bc198260f5aaf

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-1ubuntu1.1.diff.gz
      Size/MD5:    20640 935bc4696bd2aea80b00ce2d1541b8a1
    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-1ubuntu1.1.dsc
      Size/MD5:      648 fa4980e269f93cdc5fe4547b4ba270c6
    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0.orig.tar.gz
      Size/MD5:   245137 433546f60fc0f201e99307ba188369ed

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-1ubuntu1.1_amd64.deb
      Size/MD5:   138228 051403b954434d9f3abdeeeaf598ab6b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-1ubuntu1.1_i386.deb
      Size/MD5:   122622 ddd936f095eca9f9c1ebaa9b2a1ac637

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-1ubuntu1.1_powerpc.deb
      Size/MD5:   147290 477231f887705ee5f5303d9d95c9b63f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-1ubuntu1.1_sparc.deb
      Size/MD5:   131252 66fe53989b7540f8de5267e543fabb4e

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-2ubuntu0.1.diff.gz
      Size/MD5:    20644 87afc1c27f2489d0a7ce4d1592f294d6
    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-2ubuntu0.1.dsc
      Size/MD5:      648 6bd1addbc212ec9b4f331be244e604aa
    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0.orig.tar.gz
      Size/MD5:   245137 433546f60fc0f201e99307ba188369ed

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-2ubuntu0.1_amd64.deb
      Size/MD5:   138036 4a7e96222fe9027700e816acf59bb734

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-2ubuntu0.1_i386.deb
      Size/MD5:   122472 b1dd9c0cb2641891ddcfec99704b46a9

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/r/rdesktop/rdesktop_1.5.0-2ubuntu0.1_lpia.deb
      Size/MD5:   122174 ddcb80d1456ba036a283bd239e5d559b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-2ubuntu0.1_powerpc.deb
      Size/MD5:   146892 09c1dda0b426d812b867f311884854cc

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-2ubuntu0.1_sparc.deb
      Size/MD5:   130926 4c438675fae5796dc90d18c38b09993f

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-3+cvs20071006ubuntu0.1.diff.gz
      Size/MD5:   239616 dd50827c7f209fba8acce7438046a0c5
    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-3+cvs20071006ubuntu0.1.dsc
      Size/MD5:      673 df18cff01658e869689437b0f4ba6a3f
    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0.orig.tar.gz
      Size/MD5:   245137 433546f60fc0f201e99307ba188369ed

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-3+cvs20071006ubuntu0.1_amd64.deb
      Size/MD5:   146160 553eebe2e4574d5ecfca06471fc5f765

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/r/rdesktop/rdesktop_1.5.0-3+cvs20071006ubuntu0.1_i386.deb
      Size/MD5:   128674 9bc9f5f95fd66bf57b0520299e478b08

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/r/rdesktop/rdesktop_1.5.0-3+cvs20071006ubuntu0.1_lpia.deb
      Size/MD5:   129648 abdab7d9e099f1d6dde38c7e4efe4707

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/r/rdesktop/rdesktop_1.5.0-3+cvs20071006ubuntu0.1_powerpc.deb
      Size/MD5:   152548 25633e850f1523be7b76a08e2ff33543

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/r/rdesktop/rdesktop_1.5.0-3+cvs20071006ubuntu0.1_sparc.deb
      Size/MD5:   136268 1cd132a6dc1d34fc08df8a87ea559c6f



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
The Hacktivist as Angry Young Man
The Hacker Wars Hits NYC
CAINE Linux Distribution Helps Investigators With Forensic Analysis
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.