Package: rdesktop Severity: grave Tags: security, patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for rdesktop.
CVE-2008-1801[0]: | Remote exploitation of an integer underflow vulnerability in rdesktop, | as included in various vendors' operating system distributions, allows | attackers to execute arbitrary code with the privileges of the | logged-in user. | | The vulnerability exists within the code responsible for reading in an | RDP request. When reading a request, a 16-bit integer value that | represents the number of bytes that follow is taken from the packet. | This value is then decremented by 4, and used to calculate how many | bytes to read into a heap buffer. The subtraction operation can | underflow, which will then lead to the heap buffer being overflowed. Note, the CVE id for this is not yet online on the mitre site. Patch: http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20 If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801 http://security-tracker.debian.net/tracker/CVE-2008-1801 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgplZIT3P2ptr.pgp
Description: PGP signature
