| ID |
CVE-2008-1803
|
| Summary |
Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 9.3 (as of 29-09-2017 - 01:30) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-189 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2013-04-29T04:22:21.742-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | | oval | oval:org.mitre.oval:def:11414 |
| comment | The operating system installed on the system is CentOS Linux 5.x | | oval | oval:org.mitre.oval:def:15802 |
| comment | Oracle Linux 5.x | | oval | oval:org.mitre.oval:def:15459 |
| | description | Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. | | family | unix | | id | oval:org.mitre.oval:def:9800 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. | | version | 18 |
|
| redhat
via4
|
| advisories | | bugzilla | | id | 445829 | | title | CVE-2008-1803 rdesktop: channel_process() Integer Signedness Vulnerability |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 5 is installed | | oval | oval:com.redhat.rhba:tst:20070331005 |
| comment | rdesktop is earlier than 0:1.4.1-6 | | oval | oval:com.redhat.rhsa:tst:20080575001 |
| comment | rdesktop is signed with Red Hat redhatrelease key | | oval | oval:com.redhat.rhsa:tst:20080575002 |
|
|
| | rhsa | | id | RHSA-2008:0575 | | released | 2008-07-24 | | severity | Moderate | | title | RHSA-2008:0575: rdesktop security update (Moderate) |
|
| | rpms | - rdesktop-0:1.4.1-6
- rdesktop-debuginfo-0:1.4.1-6
|
|
| refmap
via4
|
| bid | 29097 | | confirm | | | debian | DSA-1573 | | fedora | - FEDORA-2008-3886
- FEDORA-2008-3917
- FEDORA-2008-3985
| | gentoo | GLSA-200806-04 | | idefense | 20080507 Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability | | mandriva | MDVSA-2008:101 | | sectrack | 1019992 | | secunia | - 30118
- 30248
- 30713
- 31224
- 31928
| | sunalert | 240708 | | ubuntu | USN-646-1 | | vupen | - ADV-2008-1467
- ADV-2008-2403
| | xf | rdesktop-xrealloc-bo(42277) |
|
| Last major update |
29-09-2017 - 01:30 |
| Published |
12-05-2008 - 22:20 |
| Last modified |
29-09-2017 - 01:30 |
