Package: rdesktop Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for rdesktop.
CVE-2008-1802[0]: | Remote exploitation of a BSS overflow vulnerability in rdesktop, as | included in various vendors' operating system distributions, allows | attackers to execute arbitrary code with the privileges of the | logged-in user. | | The vulnerability exists within the code responsible for reading in an | RDP redirect request. This request is used to redirect an RDP | connection from one server to another. When parsing the redirect | request, the rdesktop client reads several 32-bit integers from the | request packet. These integers are then used to control the number of | bytes read into statically allocated buffers. This results in several | buffers located in the BSS section being overflowed, which can lead to | the execution of arbitrary code. Note the description is not yet online on the mitre site, this is from the iDefense advisory. Patch: http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/rdp.c?r1=1.101&r2=1.102&view=patch If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802 http://security-tracker.debian.net/tracker/CVE-2008-1802 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpOynxL2ocRG.pgp
Description: PGP signature
