Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386219 (CVE-2011-0900)

Summary: net-misc/tsclient: multiple vulnerabilities (CVE-2011-{0900,0901})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: flameeyes, gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 508854    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 01:14:14 UTC 
CVE-2011-0901 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0901):
  Multiple stack-based buffer overflows in the tsc_launch_remote function
  (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly
  other versions, allow user-assisted remote attackers to execute arbitrary
  code via a .RDP file with a long (1) username, (2) password, or (3) domain
  argument.  NOTE: the provenance of this information is unknown; the details
  are obtained solely from third party information.

CVE-2011-0900 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0900):
  Stack-based buffer overflow in the tsc_launch_remote function
  (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly
  other versions, allows user-assisted remote attackers to execute arbitrary
  code via a .RDP file with a long hostname argument.
Comment 1 Pacho Ramos gentoo-dev 2014-06-01 11:42:03 UTC 
will kill this with the rest of gnome2
Comment 2 Pacho Ramos gentoo-dev 2014-11-13 12:33:10 UTC 
package was removed
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-12-09 19:39:21 UTC 
Should we make this part of a super GLSA?