Arch Linux Security Advisory ASA-201902-5
=========================================

Severity: High
Date    : 2019-02-11
CVE-ID  : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794
          CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798
          CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175
          CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179
          CVE-2018-20180 CVE-2018-20181 CVE-2018-20182
Package : rdesktop
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-871

Summary
=======

The package rdesktop before version 1.8.4-1 is vulnerable to multiple
issues including arbitrary code execution, denial of service and
information disclosure.

Resolution
==========

Upgrade to 1.8.4-1.

# pacman -Syu "rdesktop>=1.8.4-1"

The problems have been fixed upstream in version 1.8.4.

Workaround
==========

None.

Description
===========

- CVE-2018-8791 (information disclosure)

rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
function rdpdr_process() that results in an information leak.

- CVE-2018-8792 (denial of service)

rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
function cssp_read_tsrequest() that results in a denial of service
(segfault).

- CVE-2018-8793 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
function cssp_read_tsrequest() that results in a memory corruption and
probably even a remote code execution.

- CVE-2018-8794 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to an integer overflow that leads
to an out-of-bounds write in function process_bitmap_updates() and
results in a memory corruption and possibly even a remote code
execution.

- CVE-2018-8795 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to an integer overflow that leads
to a heap-based buffer overflow in function process_bitmap_updates()
and results in a memory corruption and probably even a remote code
execution.

- CVE-2018-8796 (denial of service)

rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
function process_bitmap_updates() that results in a denial of service
(segfault).

- CVE-2018-8797 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
function process_plane() that results in a memory corruption and
probably even a remote code execution.

- CVE-2018-8798 (information disclosure)

rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
function rdpsnd_process_ping() that results in an information leak.

- CVE-2018-8799 (denial of service)

rdesktop before 1.8.4 is vulnerable to an out-of-bounds read in
function process_secondary_order() that results in a denial of service
(segfault).

- CVE-2018-8800 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to a heap-based buffer overflow in
function ui_clip_handle_data() that results in a memory corruption and
probably even a remote code execution.

- CVE-2018-20174 (information disclosure)

rdesktop before 1.8.4 is vulnerable to an information leak in
ui_clip_handle_data().

- CVE-2018-20175 (denial of service)

rdesktop before 1.8.4 is vulnerable to denial of service in
mcs_recv_connect_response() and mcs_parse_domain_params().

- CVE-2018-20176 (denial of service)

rdesktop before 1.8.4 is vulnerable to denial of service in
sec_parse_crypt_info() and sec_recv().

- CVE-2018-20177 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to a memory corruption issue in
rdp_in_unistr() that could lead to arbitrary code execution.

- CVE-2018-20178 (denial of service)

rdesktop before 1.8.4 is vulnerable to denial of service in
process_demand_active().

- CVE-2018-20179 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to remote code execution in
lspci_process().

- CVE-2018-20180 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to remote code execution in
rdpsnddbg_process().

- CVE-2018-20181 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to remote code execution in
seamless_process().

- CVE-2018-20182 (arbitrary code execution)

rdesktop before 1.8.4 is vulnerable to remote code execution in
seamless_process_line().

Impact
======

A remote attacker is able to execute arbitrary code, access sensitive
information or crash rdesktop when the client connects to a malicious
server in control of the attacker.

References
==========

https://bugs.archlinux.org/task/61652
https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
https://security.archlinux.org/CVE-2018-8791
https://security.archlinux.org/CVE-2018-8792
https://security.archlinux.org/CVE-2018-8793
https://security.archlinux.org/CVE-2018-8794
https://security.archlinux.org/CVE-2018-8795
https://security.archlinux.org/CVE-2018-8796
https://security.archlinux.org/CVE-2018-8797
https://security.archlinux.org/CVE-2018-8798
https://security.archlinux.org/CVE-2018-8799
https://security.archlinux.org/CVE-2018-8800
https://security.archlinux.org/CVE-2018-20174
https://security.archlinux.org/CVE-2018-20175
https://security.archlinux.org/CVE-2018-20176
https://security.archlinux.org/CVE-2018-20177
https://security.archlinux.org/CVE-2018-20178
https://security.archlinux.org/CVE-2018-20179
https://security.archlinux.org/CVE-2018-20180
https://security.archlinux.org/CVE-2018-20181
https://security.archlinux.org/CVE-2018-20182
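
Several entries under Description name the same two bug classes: an integer overflow in a size computed from server-supplied fields, and reads past the end of the received data. The following is an added, generic illustration of the checks that prevent both. It is not rdesktop code; the stream type, the record layout and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical input stream for this example; not rdesktop's STREAM type. */
struct stream { const uint8_t *p, *end; };

/* Read a little-endian u16 only if two bytes remain; 0 on success. */
static int in_u16le(struct stream *s, uint16_t *out)
{
    if ((size_t)(s->end - s->p) < 2) return -1;
    *out = (uint16_t)(s->p[0] | (s->p[1] << 8));
    s->p += 2;
    return 0;
}

/* What a 32-bit size computation yields for server-supplied dimensions. */
uint32_t size32(uint16_t w, uint16_t h, uint32_t bytes_pp)
{
    return (uint32_t)w * h * bytes_pp;   /* wraps modulo 2^32 */
}

/* Parse one record (width, height, bpp, pixels) into dst.
 * Returns the number of bytes copied, or -1 if the record is rejected. */
long parse_bitmap(struct stream *s, uint8_t *dst, size_t dst_cap)
{
    uint16_t w, h, bpp;
    if (in_u16le(s, &w) || in_u16le(s, &h) || in_u16le(s, &bpp)) return -1;
    if (w == 0 || h == 0 || bpp == 0 || bpp > 32 || bpp % 8) return -1;
    uint64_t size = (uint64_t)w * h * (bpp / 8);      /* cannot wrap in 64 bits */
    if (size > dst_cap) return -1;                     /* bound the write */
    if (size > (uint64_t)(s->end - s->p)) return -1;   /* bound the read */
    memcpy(dst, s->p, (size_t)size);
    s->p += size;
    return (long)size;
}

int main(void)
{
    /* Constructed records: a valid 2x2 8-bpp bitmap, and a size-wrapping header. */
    const uint8_t good[] = {2,0, 2,0, 8,0, 0xAA,0xBB,0xCC,0xDD};
    const uint8_t wrap[] = {0x00,0x80, 0x00,0x80, 32,0};
    uint8_t dst[64];
    struct stream a = {good, good + sizeof good}, b = {wrap, wrap + sizeof wrap};
    printf("good record: %ld\n", parse_bitmap(&a, dst, sizeof dst));
    printf("32-bit size of wrap record: %u\n", (unsigned)size32(0x8000, 0x8000, 4));
    printf("wrap record: %ld\n", parse_bitmap(&b, dst, sizeof dst));
    return 0;
}
```

The second record shows why the size has to be computed in a wider type before any comparison: in 32-bit arithmetic its dimensions multiply to 0, so a check made on that value would pass.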