Vulnerability Name:

CVE-2008-1801 (CCN-42272)

Assigned:2008-05-07
Published:2008-05-07
Updated:2017-09-29
Summary:Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.4 Medium (REDHAT CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P)
4.2 Medium (REDHAT Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
CWE-190
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-1801

Source: IDEFENSE
Type: UNKNOWN
20080507 Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability

Source: CCN
Type: SourceForge.net Repository
[rdesktop] Annotation of /rdesktop/iso.c

Source: CONFIRM
Type: Exploit
http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20&pathrev=HEAD

Source: CCN
Type: RHSA-2008-0575
Moderate: rdesktop security update

Source: CCN
Type: RHSA-2008-0576
Moderate: rdesktop security update

Source: CCN
Type: RHSA-2008-0725
Moderate: rdesktop security and bug fix update

Source: CCN
Type: SA30118
rdesktop Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30118

Source: SECUNIA
Type: UNKNOWN
30248

Source: SECUNIA
Type: UNKNOWN
30380

Source: SECUNIA
Type: UNKNOWN
30713

Source: SECUNIA
Type: UNKNOWN
31222

Source: SECUNIA
Type: UNKNOWN
31224

Source: SECUNIA
Type: UNKNOWN
31928

Source: GENTOO
Type: UNKNOWN
GLSA-200806-04

Source: CCN
Type: SECTRACK ID: 1019990
rdesktop Integer Underflow in iso_recv_msg() Lets Remote Users Execute Arbitrary Code

Source: SLACKWARE
Type: UNKNOWN
SSA:2008-148-01

Source: SUNALERT
Type: UNKNOWN
240708

Source: CCN
Type: Sun Alert ID: 240708
Multiple Security Vulnerabilities in rdesktop may lead to Execution of Arbitrary Code or Denial of Service (DOS)

Source: CCN
Type: ASA-2008-321
rdesktop security update (RHSA-2008-0576)

Source: CCN
Type: ASA-2008-331
rdesktop security and bug fix update (RHSA-2008-0725)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm

Source: CCN
Type: ASA-2008-360
Multiple Security Vulnerabilities in rdesktop may lead to Execution of Arbitrary Code or Denial of Service (DOS) (Sun 240708)

Source: DEBIAN
Type: UNKNOWN
DSA-1573

Source: DEBIAN
Type: DSA-1573
rdesktop -- several vulnerabilities

Source: CCN
Type: GLSA-200806-04
rdesktop: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:101

Source: CCN
Type: rdesktop Web site
rdesktop: A Remote Desktop Protocol Client

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-3886

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-3917

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-3985

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0575

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0576

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0725

Source: BID
Type: UNKNOWN
29097

Source: CCN
Type: BID-29097
rdesktop Multiple Remote Memory Corruption Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019990

Source: CCN
Type: USN-646-1
rdesktop vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-646-1

Source: VUPEN
Type: UNKNOWN
ADV-2008-1467

Source: VUPEN
Type: UNKNOWN
ADV-2008-2403

Source: XF
Type: UNKNOWN
rdesktop-isorecvmsg-code-execution(42272)

Source: XF
Type: UNKNOWN
rdesktop-isorecvmsg-code-execution(42272)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 05.07.08
Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11570

Source: EXPLOIT-DB
Type: UNKNOWN
5561

Source: SUSE
Type: SUSE-SA:2008:041
openwsman

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rdesktop:rdesktop:1.5.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:rdesktop:rdesktop:1.5.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20081801
    V
    		CVE-2008-1801
    2022-06-30
    oval:org.opensuse.security:def:113329
    P
    		rdesktop-1.9.0-4.6 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106738
    P
    		Security update for tomcat (Important)
    2021-11-16
    oval:org.mitre.oval:def:29234
    P
    		RHSA-2008:0575 -- rdesktop security update (Moderate)
    2015-08-17
    oval:org.mitre.oval:def:17529
    P
    		USN-646-1 -- rdesktop vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:20140
    P
    		DSA-1573-1 rdesktop - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:7976
    P
    		DSA-1573 rdesktop -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:21787
    P
    		ELSA-2008:0575: rdesktop security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:11570
    V
    		Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
    2013-04-29
    oval:com.redhat.rhsa:def:20080725
    P
    		RHSA-2008:0725: rdesktop security and bug fix update (Moderate)
    2008-07-25
    oval:com.redhat.rhsa:def:20080575
    P
    		RHSA-2008:0575: rdesktop security update (Moderate)
    2008-07-24
    oval:com.redhat.rhsa:def:20080576
    P
    		RHSA-2008:0576: rdesktop security update (Moderate)
    2008-07-24
    oval:org.debian:def:1573
    V
    		several vulnerabilities
    2008-05-11
    BACK
    rdesktop rdesktop 1.5.0
    rdesktop rdesktop 1.5.0
    gentoo linux *
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2007.1
    novell opensuse 10.3
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04
    novell opensuse 11.0