Bug 445825 (CVE-2008-1801)
| Field | Value |
|---|---|
| Summary | CVE-2008-1801 rdesktop: iso_recv_msg() Integer Underflow Vulnerability |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Tomas Hoger <thoger> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | davidz, kreilly, sandmann, zcerza |
| Target Milestone | --- |
| Target Release | --- |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| URL | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1801 |
| Doc Type | Bug Fix |
| Story Points | --- |
| Last Closed | 2008-07-25 06:21:20 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Depends On | 445841, 445842, 445843, 452978, 452979, 452980, 452981 |

Description
Tomas Hoger
2008-05-09 10:10:20 UTC
Upstream released version 1.6.0 which addresses this issue:
http://sourceforge.net/mailarchive/message.php?msg_name=20080511065217.GA24455%40cse.unsw.EDU.AU

rdesktop-1.6.0-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.

rdesktop-1.6.0-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

rdesktop-1.6.0-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

Created attachment 306783
Public PoC
http://www.milw0rm.com/exploits/5561

As for the CVSSv2 score, two possibilities should be considered. The user needs to be convinced to connect to an untrusted RDP server for this issue to be exploited. This is a lot more likely to happen if the malicious RDP server is within some local network (AV:A/AC:M) and not so likely for a random RDP server on the Internet (AV:N/AC:H), hence the Internet vector should have higher access complexity.

AV:A/AC:M results in a higher base score of:
5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P

This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0725.html
http://rhn.redhat.com/errata/RHSA-2008-0575.html
http://rhn.redhat.com/errata/RHSA-2008-0576.html

Fedora:
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3917
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-3886