Mandriva Linux Security Advisory : rdesktop (MDVSA-2008:101)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Several vulnerabilities were discovered in rdesktop, a Remote Desktop
Protocol client.

An integer underflow vulnerability allowed attackers to cause a denial
of service (crash) and possibly execute arbitrary code with the
privileges of the logged-in user (CVE-2008-1801).

A buffer overflow vulnerability allowed attackers to execute arbitrary
code with the privileges of the logged-in user (CVE-2008-1802).

An integer signedness vulnerability allowed attackers to execute
arbitrary code with the privileges of the logged-in user
(CVE-2008-1803).

In order for these vulnerabilities to be exploited, an attacker must
persuade a targeted user to connect to a malicious RDP server.

The updated packages have been patched to correct these issues.

Solution :

Update the affected rdesktop package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37563 (mandriva_MDVSA-2008-101.nasl)

Bugtraq ID:

CVE ID: CVE-2008-1801, CVE-2008-1802, CVE-2008-1803
