CVE-2008-1801

2008-05-12 18:20:00 2017-09-29 03:30:52

Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Rdesktop Rdesktop 1.5.0 (not an official CPE)

Rdesktop - Rdesktop

Advisory	Patch	Confirmed	Link
			5561
			rdesktop-isorecvmsg-code-execution(42272)
			ADV-2008-2403
			ADV-2008-1467
			USN-646-1
			1019990
			29097
			RHSA-2008:0576
			RHSA-2008:0725
			FEDORA-2008-3985
			RHSA-2008:0575
			FEDORA-2008-3917
			FEDORA-2008-3886
			http://support.avaya.com/elmodocs2/security/ASA-2008-360...
			DSA-1573
			MDVSA-2008:101
			SSA:2008-148-01
			240708
			GLSA-200806-04
			http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/is...
			20080507 Multiple Vendor rdesktop iso_recv_msg() Integer...

CVE-2008-1801

2008-05-12 18:20:00 2017-09-29 03:30:52

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)