Red Hat Product Errata RHSA-2008:0725 - Security Advisory

Issued:: 2008-04-16
Updated:: 2008-07-24

RHSA-2008:0725 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: rdesktop security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated rdesktop packages that fix a security issue and a bug are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

rdesktop is an open source client for Microsoft Windows NT Terminal Server
and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively
using the Remote Desktop Protocol (RDP) to present the user's NT desktop.
No additional server extensions are required.

An integer underflow vulnerability was discovered in the rdesktop. If an
attacker could convince a victim to connect to a malicious RDP server, the
attacker could cause the victim's rdesktop to crash or, possibly, execute
an arbitrary code. (CVE-2008-1801)

Additionally, the following bug was fixed:

A missing command line option caused rdesktop to fail when using the krdc
remote desktop utility. Using krdc to connect to a terminal server resulted
in errors such as the following:

The version of rdesktop you are using ([version]) is too old:

rdesktop [version] or greater is required. A working patch for rdesktop
[version] can be found in KDE CVS.

In this updated package, krdc successfully connects to terminal servers.

Users of rdesktop should upgrade to these updated packages, which contain a
backported patches to resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 164462 - krdc requires rdesktop > 1.3.1
BZ - 445825 - CVE-2008-1801 rdesktop: iso_recv_msg() Integer Underflow Vulnerability

CVEs

CVE-2008-1801

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
rdesktop-1.3.1-9.src.rpm	SHA-256: e5adf956236640d25b688d22a5955a78a7e2f1426a30e3b47dc84408b2fce97c
x86_64
rdesktop-1.3.1-9.x86_64.rpm	SHA-256: 2acd7cdea5f4de4a81ba64cf52a824042a2c00a99e776a2021fe9095e8c49eb2
rdesktop-1.3.1-9.x86_64.rpm	SHA-256: 2acd7cdea5f4de4a81ba64cf52a824042a2c00a99e776a2021fe9095e8c49eb2
ia64
rdesktop-1.3.1-9.ia64.rpm	SHA-256: f34fd4054b877f51350e2a3df2d2b340621af2f3f29518b8fe401b387275c274
rdesktop-1.3.1-9.ia64.rpm	SHA-256: f34fd4054b877f51350e2a3df2d2b340621af2f3f29518b8fe401b387275c274
i386
rdesktop-1.3.1-9.i386.rpm	SHA-256: b0886e260a5193a27dfb6c6e87d633d81f812358a2403004c8d4ad5420c32ad9
rdesktop-1.3.1-9.i386.rpm	SHA-256: b0886e260a5193a27dfb6c6e87d633d81f812358a2403004c8d4ad5420c32ad9

Red Hat Enterprise Linux Workstation 4

SRPM
rdesktop-1.3.1-9.src.rpm	SHA-256: e5adf956236640d25b688d22a5955a78a7e2f1426a30e3b47dc84408b2fce97c
x86_64
rdesktop-1.3.1-9.x86_64.rpm	SHA-256: 2acd7cdea5f4de4a81ba64cf52a824042a2c00a99e776a2021fe9095e8c49eb2
ia64
rdesktop-1.3.1-9.ia64.rpm	SHA-256: f34fd4054b877f51350e2a3df2d2b340621af2f3f29518b8fe401b387275c274
i386
rdesktop-1.3.1-9.i386.rpm	SHA-256: b0886e260a5193a27dfb6c6e87d633d81f812358a2403004c8d4ad5420c32ad9

Red Hat Enterprise Linux Desktop 4

SRPM
rdesktop-1.3.1-9.src.rpm	SHA-256: e5adf956236640d25b688d22a5955a78a7e2f1426a30e3b47dc84408b2fce97c
x86_64
rdesktop-1.3.1-9.x86_64.rpm	SHA-256: 2acd7cdea5f4de4a81ba64cf52a824042a2c00a99e776a2021fe9095e8c49eb2
i386
rdesktop-1.3.1-9.i386.rpm	SHA-256: b0886e260a5193a27dfb6c6e87d633d81f812358a2403004c8d4ad5420c32ad9

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
rdesktop-1.3.1-9.src.rpm	SHA-256: e5adf956236640d25b688d22a5955a78a7e2f1426a30e3b47dc84408b2fce97c
s390x
rdesktop-1.3.1-9.s390x.rpm	SHA-256: 022fb683089242d95f443110515857eae50f3504bc4441af1fa7bf153d0a9506
s390
rdesktop-1.3.1-9.s390.rpm	SHA-256: 519e5b831daad0e5cada29a926b70dce3107f69bc859c8d7e028577b8404c977

Red Hat Enterprise Linux for Power, big endian 4

SRPM
rdesktop-1.3.1-9.src.rpm	SHA-256: e5adf956236640d25b688d22a5955a78a7e2f1426a30e3b47dc84408b2fce97c
ppc
rdesktop-1.3.1-9.ppc.rpm	SHA-256: 7778192b34c2489613caeddaff1966800dcc45d26a3f41ab8afdabff1dbbb982

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories