USN-646-1: rdesktop vulnerabilities


 
Old 09-18-2008

Referenced CVEs:
CVE-2008-1801, CVE-2008-1802, CVE-2008-1803


Description:
===========================================================
Ubuntu Security Notice USN-646-1 September 18, 2008
rdesktop vulnerabilities
CVE-2008-1801, CVE-2008-1802, CVE-2008-1803
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS: rdesktop 1.4.1-1.1ubuntu0.6.06.1
Ubuntu 7.04: rdesktop 1.5.0-1ubuntu1.1
Ubuntu 7.10: rdesktop 1.5.0-2ubuntu0.1
Ubuntu 8.04 LTS: rdesktop 1.5.0-3+cvs20071006ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that rdesktop did not properly validate the length
of packet headers when processing RDP requests. If a user were tricked
into connecting to a malicious server, an attacker could cause a
denial of service or possibly execute arbitrary code with the
privileges of the user. (CVE-2008-1801)

Multiple buffer overflows were discovered in rdesktop when processing
RDP redirect requests. If a user were tricked into connecting to a
malicious server, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user.
(CVE-2008-1802)

It was discovered that rdesktop performed a signed integer comparison
when reallocating dynamic buffers which could result in a heap-based
overflow. If a user were tricked into connecting to a malicious
server, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user.
(CVE-2008-1802)
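The signed-comparison flaw class described in the last paragraph, shown beside a hardened check. This is an added illustration, not rdesktop's code: `struct dynbuf`, `grow`, `ensure_signed`, `ensure_checked`, `safe_after` and the `MAX_LEN` cap are hypothetical names and values, and the lengths are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_LEN (1u << 20) /* assumed policy cap; not taken from the advisory */
struct dynbuf { unsigned char *data; uint32_t size; };

static int grow(struct dynbuf *b, uint32_t len)
{
    unsigned char *p = realloc(b->data, len);
    if (p == NULL) return -1;
    b->data = p;
    b->size = len;
    return 0;
}

/* Flawed: a peer-supplied length >= 0x80000000 becomes negative as a signed
 * value, the test is false, and the caller is told the buffer is big enough. */
static int ensure_signed(struct dynbuf *b, uint32_t len)
{
    if ((int32_t)len > (int32_t)b->size) return grow(b, len);
    return 0;
}

/* Hardened: unsigned comparison plus an explicit upper bound on the length. */
static int ensure_checked(struct dynbuf *b, uint32_t len)
{
    if (len > MAX_LEN) return -1;
    if (len > b->size) return grow(b, len);
    return 0;
}

/* Returns 1 if `ensure` either refused len or left a buffer that holds it. */
static int safe_after(int (*ensure)(struct dynbuf *, uint32_t), uint32_t len)
{
    struct dynbuf b = { NULL, 0 };
    int ok = ensure(&b, len) != 0 || b.size >= len;
    free(b.data);
    return ok;
}

int main(void)
{
    uint32_t lens[] = { 4096u, 0x80000010u }; /* constructed sample lengths */
    for (int i = 0; i < 2; i++)
        printf("len=0x%08x signed_ok=%d checked_ok=%d\n", (unsigned)lens[i],
               safe_after(ensure_signed, lens[i]), safe_after(ensure_checked, lens[i]));
    return 0;
}
```

The signed variant reports success for the oversized length while the buffer is still too small, which is the state that precedes a heap overflow on the following copy; the checked variant rejects it.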




