Secunia:

Description:
Some vulnerabilities have been reported in rdesktop, which can be exploited by malicious people to compromise a user's system.

1) An integer underflow error in iso.c when processing RDP requests can be exploited to cause a heap-based buffer overflow.
2) An input validation error in rdp.c when processing RDP redirect requests can be exploited to cause a BSS-based buffer overflow.
3) A signedness error within "xrealloc()" in rdesktop.c can be exploited to cause a heap-based buffer overflow.

Successful exploitation allows execution of arbitrary code but requires that a user is tricked into connecting to a malicious RDP server.

The vulnerabilities are reported in version 1.5.0. Other versions may also be affected.

Solution:
Fixed in the CVS repository.
http://rdesktop.cvs.sourceforge.net/r...p;diff_format=h&pathrev=HEAD#l101
http://rdesktop.cvs.sourceforge.net/r...annotate=1.102&pathrev=HEAD#l1337
http://rdesktop.cvs.sourceforge.net/r...amp;tr2=1.118&diff_format=h#l1134

Original Advisory:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=696
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=697
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=698
PoCs:
http://milw0rm.com/exploits/5561
http://milw0rm.com/exploits/5585

Martin is retiring per bug #159513, so I bumped to the freshly released 1.6.0. It contains all the fixes "linked" above.
Arches, please test and mark stable:
=net-misc/rdesktop-1.6.0
Target keywords: "alpha amd64 hppa ia64 ppc ppc64 release sparc x86"
ppc64 stable
amd64/x86 stable
Stable for HPPA.
Sparc done.
ppc stable
ia64 stable, Tobias will do alpha later today
Stable on alpha.
Fixed in release snapshot.
GLSA 200806-04