ID:

CVE-2018-20177 (NVD)

- Vulnerability Info (edit)
2019-03-15

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.

Products rdesktop
Type Integer Overflow or Wraparound (CWE-190)
First patch
2019-01-16
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
"Malicious RDP server security fixes This commit includes fixes for a set of 21 vulnerabilities in rdesktop when a malicious RDP server is used. All vulnerabilities was identified and reported by Eyal Itkin. * Add rdp_protocol_error function that is used in several fixes * Refactor of process_bitmap_updates * Fix possible integer overflow in..."
s_check_rem() on 32bit arch * Fix memory corruption in process_bitmap_data - CVE-2018-8794 * Fix remote code execution in process_bitmap_data - CVE-2018-8795 * Fix remote code execution in process_plane - CVE-2018-8797 * Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175 * Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175 * Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176 * Fix Denial of Service in sec_recv - CVE-2018-20176 * Fix minor information leak in rdpdr_process - CVE-2018-8791 * Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792 * Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793 * Fix Denial of Service in process_bitmap_data - CVE-2018-8796 * Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798 * Fix Denial of Service in process_secondary_order - CVE-2018-8799 * Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800 * Fix major information leak in ui_clip_handle_data - CVE-2018-20174 * Fix memory corruption in rdp_in_unistr - CVE-2018-20177 * Fix Denial of Service in process_demand_active - CVE-2018-20178 * Fix remote code execution in lspci_process - CVE-2018-20179 * Fix remote code execution in rdpsnddbg_process - CVE-2018-20180 * Fix remote code execution in seamless_process - CVE-2018-20181 * Fix remote code execution in seamless_process_line - CVE-2018-20182


Stats: +250 lines / -71 lines (total: 321 lines)
Relevant file/s • ./asn.c (modified, +1, -1)
• ./bitmap.c (modified, +4, -4)
• ./cliprdr.c (modified, +6)
• ./constants.h (modified, +3)
• ./cssp.c (modified, +16, -1)
• ./lspci.c (modified, +8, -1)
• ./mcs.c (modified, +18, -2)
• ./orders.c (modified, +6)
• ./proto.h (modified, +2, -1)
• ./rdp.c (modified, +132, -60)
• ./rdpdr.c (modified, +11)
• ./rdpsnd.c (modified, +11)
• ./seamless.c (modified, +12)
• ./secure.c (modified, +17)
• ./stream.h (modified, +1, -1)
• ./types.h (modified, +2)
Links https://www.debian.org/security/2019/dsa-4394
http://www.securityfocus.com/bid/106938
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
https://security.gentoo.org/glsa/201903-06
Annotation

Note:

This entry has not been annotated yet.

Please consider adding data:

rdesktop - Tree: 4dca546d04

(? files)

Filter Settings
Files
Navigation
Patch data:

(on by default)


Patched area: