Vulnerability Details : CVE-2008-1802
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.
Vulnerability category: OverflowExecute code
Products affected by CVE-2008-1802
- cpe:2.3:a:rdesktop:rdesktop:1.5.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1802
92.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1802
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2008-1802
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-1802
-
Red Hat 2008-06-24Not vulnerable. This issue did not affect the versions of rdesktop as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
References for CVE-2008-1802
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:101
Mandriva
-
http://www.vupen.com/english/advisories/2008/1467/references
Site en construction
-
http://www.vupen.com/english/advisories/2008/2403
Site en construction
-
http://www.debian.org/security/2008/dsa-1573
[SECURITY] [DSA 1573-1] New rdesktop packages fix several vulnerabilities
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=697
-
http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00270.html
[SECURITY] Fedora 8 Update: rdesktop-1.6.0-1.fc8
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/42275
rdesktop process_redirect_pdu function buffer overflow CVE-2008-1802 Vulnerability Report
-
http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00244.html
[SECURITY] Fedora 9 Update: rdesktop-1.6.0-1.fc9
-
http://security.gentoo.org/glsa/glsa-200806-04.xml
rdesktop: Multiple vulnerabilities (GLSA 200806-04) — Gentoo security
-
http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm
ASA-2008-360 (SUN 240708)
-
http://www.securitytracker.com/id?1019991
GoDaddy Domain Name Search
-
http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00296.html
[SECURITY] Fedora 7 Update: rdesktop-1.6.0-1.fc7
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240708-1
-
http://www.ubuntu.com/usn/usn-646-1
USN-646-1: rdesktop vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.securityfocus.com/bid/29097
-
https://www.exploit-db.com/exploits/5585
rdesktop 1.5.0 - 'process_redirect_pdu()' BSS Overflow (PoC) - Linux dos Exploit
-
http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/rdp.c?r1=1.101&r2=1.102&pathrev=HEAD
CVS Info for project rdesktopExploit
Jump to