Note:
This project will be discontinued after December 13, 2021. [more]
2019-03-15
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.
| Products | Rdesktop |
| Type | Integer Underflow (Wrap or Wraparound) (CWE-191) |
| First patch |
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 |
| Relevant file/s |
• ./asn.c (modified, +1, -1)
• ./bitmap.c (modified, +4, -4) • ./cliprdr.c (modified, +6) • ./constants.h (modified, +3) • ./cssp.c (modified, +16, -1)
• ./lspci.c (modified, +8, -1)
• ./mcs.c (modified, +18, -2) • ./orders.c (modified, +6) • ./proto.h (modified, +2, -1) • ./rdp.c (modified, +132, -60) • ./rdpdr.c (modified, +11) • ./rdpsnd.c (modified, +11) • ./seamless.c (modified, +12) • ./secure.c (modified, +17) • ./stream.h (modified, +1, -1) • ./types.h (modified, +2) |
| Links |
• https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
• https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html • https://www.debian.org/security/2019/dsa-4394 • http://www.securityfocus.com/bid/106938 • https://security.gentoo.org/glsa/201903-06 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: