Vulnerability CVE-2018-20174: Information

Description

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-20174
Published: March 15, 2019
Modified: March 21, 2019
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
rdesktopsisyphus1.8.4-alt11.9.0-alt1ALT-PU-2019-2898-1239159Fixed
rdesktopp101.8.4-alt11.9.0-alt1ALT-PU-2019-2898-1239159Fixed
rdesktopp91.9.0-alt11.9.0-alt1ALT-PU-2020-1636-1248614Fixed
rdesktopc10f11.8.4-alt11.9.0-alt1ALT-PU-2019-2898-1239159Fixed
rdesktopc9f21.9.0-alt11.9.0-alt1ALT-PU-2020-1636-1248614Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
  • Exploit
  • Third Party Advisory
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
  • Patch
  • Third Party Advisory
DSA-4394
    GLSA-201903-06
      [debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update
        106938
          openSUSE-SU-2019:2135

              1. Configuration 1

                cpe:2.3:a:rdesktop:rdesktop:*:*:*:*:*:*:*:*
                End including
                1.8.3
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.1
            Back to top