Rdesktop: Remote Control with Security Holes
Security researchers iDefense have disclosed three vulnerabilities in the Rdesktop Remote Client.
The Rdesktop RDP client has three different vulnerabilities that are open to remote code injection attacks.
The Remote Desktop Protocol (RDP) was created by Microsoft as a basis for terminal services and is also used for remote maintenance of computers.
The first vulnerability is hidden in the "iso.c" file. An integer underflow bug triggers a heap-based buffer overflow on processing manipulated RDP requests. An input validation error in "rdp.c" results in a BSS-based buffer overflow triggered by redirect requests, and an error in the "xrealloc()" function also leads to a heap-based buffer overflow .
According to iDenfense the errors affect Rdesktop version 1.5.0, which was released in September 2006. Earlier versions of the application may be affected. The Rdesktop developers have already removed the vulnerabilities on the CVS. Regular users are thus advised to build the RDP client from the current source code. Users who prefer to avoid the overhead, are advised to reject incoming offers of support from unknown sources.
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Another Logic Bug Found in Linux Kernel
Qualys has discovered a vulnerability in the Linux kernel that can be used to elevate standard user privileges.
-
Ubuntu Core 26 Offers Game-Changing Enterprise Features
Ubuntu Core 26 could be a game-changer for organizations looking for increased security and reliability.
-
AI Flooding the Linux Kernel Security Mailing List
AI is giving Linus Torvalds a headache, but not in the way you might think.
-
Top Priorities for Open Source Pros Seeking a New Job
Professional fulfillment tops the list, according to LPI report.
-
Container-Based Fedora Hummingbird Designed for Agent-First Builders
Fedora Hummingbird brings the same approach to the host OS as it does to containers to level up security.
-
Linux kernel Developers Considering a Kill Switch
With the rise of Linux vulnerabilities, the kernel developers are now considering adding a component that could help temporarily mitigate against them… in the form of a kill switch.
-
Fedora 44 Now Gaming Ready
The latest version of Fedora has been released with gaming support.
-
Manjaro 26.1 Preview Unveils New Features
The latest Manjaro 26.1 preview has been released with new desktop versions, a new kernel, and more.
-
Microsoft Issues Warning About Linux Vulnerability
The company behind Windows has released information about a flaw that affects millions of Linux systems.
-
Is AI Coming to Your Ubuntu Desktop?
According to the VP of Engineering at Canonical, AI could soon be added to the Ubuntu desktop distribution.