This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200806-04
(rdesktop: Multiple vulnerabilities)
An anonymous researcher reported multiple vulnerabilities in rdesktop
via iDefense Labs:
An integer underflow error exists in
the function iso_recv_msg() in the file iso.c which can be triggered
via a specially crafted RDP request, causing a heap-based buffer
An input validation error exists in
the function process_redirect_pdu() in the file rdp.c which can be
triggered via a specially crafted RDP redirect request, causing a
BSS-based buffer overflow (CVE-2008-1802).
An integer signedness error exists in the function xrealloc() in the
file rdesktop.c which can be exploited to cause a heap-based buffer
An attacker could exploit these vulnerabilities by enticing a user to
connect to a malicious RDP server thereby allowing the attacker to
execute arbitrary code or cause a Denial of Service.
There is no known workaround at this time.
All rdesktop users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/rdesktop-1.6.0'
Risk factor :
High / CVSS Base Score : 9.3
Family: Gentoo Local Security Checks
Nessus Plugin ID: 33189 (gentoo_GLSA-200806-04.nasl)
CVE ID: CVE-2008-1801, CVE-2008-1802, CVE-2008-1803