Note: This is an archival copy of Security Sun Alert 240708 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019536.1.
Date of Preliminary Release
Date of Resolved Release
Multiple Security Vulnerabilities in rdesktop May Lead to Execution of Arbitrary Code or Denial of Service (DoS)
Multiple security vulnerabilities in the Remote Desktop Protocol (RDP) Client (rdesktop.1) may allow remote unprivileged users to execute arbitrary code with the permissions of the local user or lead to a Denial of Service (DoS) if rdesktop is used to connect to an untrusted RDP server.
These issues are described in the following documents:
CVE-2008-1801 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
CVE-2008-1802 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802
CVE-2008-1803 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1803
2. Contributing Factors
These issues can occur in the following releases:
1. Solaris 8, 9 and 10 are not affected by these issues.
2. Only OpenSolaris installations that include the affected binary "/usr/bin/rdesktop" are impacted by these issues.
3. OpenSolaris distributions may include additional bug fixes above and beyond the base build from which they were derived.
The base build can be derived as follows:
$ uname -a
There are no predictable symptoms that would indicate these issues have been exploited to execute arbitrary code or cause a Denial of Service (DoS).
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
16-Sep-2008: Updated Contributing Factors and Resolution sections, Resolved