Showing 1 - 1 of 1

Files

rdesktoppdu-overflow.txt: Posted May 12, 2008; Authored by Guido Landi; rdesktop version 1.5.0 BSS overflow vulnerability proof of concept exploit that makes use of process_redirect_pdu().; tags | exploit, overflow, proof of concept; advisories | CVE-2008-1802; SHA-256 | 39299b146133da963d2f8fb023cf0809ac39058f3595bdef139045ae1aefc64f; Download | Favorite | View

Related Files

iDEFENSE Security Advisory 2008-05-07.2: Posted May 8, 2008; Authored by iDefense Labs | Site idefense.com; iDefense Security Advisory 05.07.08 - Remote exploitation of a BSS overflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP redirect request. This request is used to redirect an RDP connection from one server to another. When parsing the redirect request, the rdesktop client reads several 32-bit integers from the request packet. These integers are then used to control the number of bytes read into statically allocated buffers. This results in several buffers located in the BSS section being overflowed, which can lead to the execution of arbitrary code. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.; tags | advisory, remote, overflow, arbitrary; advisories | CVE-2008-1802; SHA-256 | 855716896a32d6400b57357a313e7d5671bf6a07c1cef096372236c340ce9ea8; Download | Favorite | View

Page 1 of 1 Back 1 Next