Rdesktop: Remote Control with Security Holes

May 09, 2008

Security researchers iDefense have disclosed three vulnerabilities in the Rdesktop Remote Client.

The Rdesktop RDP client has three different vulnerabilities that are open to remote code injection attacks.

The Remote Desktop Protocol (RDP) was created by Microsoft as a basis for terminal services and is also used for remote maintenance of computers.

The first vulnerability is hidden in the "iso.c" file. An integer underflow bug triggers a heap-based buffer overflow on processing manipulated RDP requests. An input validation error in "rdp.c" results in a BSS-based buffer overflow triggered by redirect requests, and an error in the "xrealloc()" function also leads to a heap-based buffer overflow .

According to iDenfense the errors affect Rdesktop version 1.5.0, which was released in September 2006. Earlier versions of the application may be affected. The Rdesktop developers have already removed the vulnerabilities on the CVS. Regular users are thus advised to build the RDP client from the current source code. Users who prefer to avoid the overhead, are advised to reject incoming offers of support from unknown sources.

Related content

comments powered by Disqus

Issue 168/2014

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News