


Ubuntu Rdesktop vulnerability – pretty easy fix

Fri, Sep 19, 2008

Linux, Technology, Ubuntu


Just noticed that there was a vulnerability found with rdesktop in Ubuntu (and probably other systems as well).

For 99% of the people, running a software update or typing the following will fix it:

sudo apt-get update

sudo apt-get dist-upgrade

If you see an rdesktop update downloaded, you’re good to go.

Here are the gory details.

===========================================================
Ubuntu Security Notice USN-646-1         September 18, 2008
rdesktop vulnerabilities
CVE-2008-1801, CVE-2008-1802, CVE-2008-1803
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: rdesktop 1.4.1-1.1ubuntu0.6.06.1
Ubuntu 7.04: rdesktop 1.5.0-1ubuntu1.1
Ubuntu 7.10: rdesktop 1.5.0-2ubuntu0.1
Ubuntu 8.04 LTS: rdesktop 1.5.0-3+cvs20071006ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that rdesktop did not properly validate the length of packet headers when processing RDP requests. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user. (CVE-2008-1801)

Multiple buffer overflows were discovered in rdesktop when processing RDP redirect requests. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user. (CVE-2008-1802)

It was discovered that rdesktop performed a signed integer comparison when reallocating dynamic buffers which could result in a heap-based overflow. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user. (CVE-2008-1802)
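The last issue in the notice, a signed comparison made before growing a buffer, shown as an added C illustration. This is constructed here and is not rdesktop's source; the struct, the function names, the 16 MiB cap and the sample length are all assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed illustration; not rdesktop's code. All names are hypothetical. */
#define STREAM_MAX (16u * 1024u * 1024u)   /* assumed sanity cap per buffer */

struct stream {
    unsigned char *data;
    unsigned int size;                     /* bytes currently allocated */
};

/* Flawed pattern: both sizes are compared as signed ints. A peer-supplied
 * length with the top bit set converts to a negative value (on the usual
 * two's-complement compilers), so the check reports "big enough" and the
 * caller would then write past the allocation.
 * Returns 1 if the buffer would be grown, 0 if the growth is skipped. */
int would_grow_signed(unsigned int have, unsigned int want)
{
    return (int)want > (int)have;
}

/* Corrected pattern: compare as unsigned, refuse oversized requests, and
 * update the stream only after realloc has succeeded. Returns 0 on success. */
int stream_reserve(struct stream *s, unsigned int want)
{
    unsigned char *p;

    if (want <= s->size)
        return 0;                          /* already large enough */
    if (want > STREAM_MAX)
        return -1;                         /* do not trust the peer's length */
    p = realloc(s->data, want);
    if (p == NULL)
        return -1;
    s->data = p;
    s->size = want;
    return 0;
}

int main(void)
{
    struct stream s = { NULL, 0 };
    unsigned int hostile = 0x80000010u;    /* constructed length value */
    int rc = stream_reserve(&s, 4096);

    printf("initial reserve: %d, size %u\n", rc, s.size);
    printf("signed check grows buffer: %d\n", would_grow_signed(s.size, hostile));
    printf("hardened reserve: %d\n", stream_reserve(&s, hostile));
    free(s.data);
    return 0;
}
```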

This post was written by:

arsgeek - who has written 1989 posts on ArsGeek.


1 Comments For This Post

  1. Cristal Says:

    hey there and thank you for your info – I’ve certainly picked up anything new from right here. I did however expertise some technical points using this site, as I experienced to reload the site a lot of times previous to I could get it to load correctly. I had been wondering if your web hosting is OK? Not that I’m complaining, but slow loading instances times will sometimes affect your placement in google and could damage your high-quality score if ads and marketing with Adwords. Well I’m adding this RSS to my email and could look out for much more of your respective fascinating content. Ensure that you update this again soon..
