rdesktop version 1.5.0 BSS overflow vulnerability proof of concept exploit that makes use of process_redirect_pdu().
39299b146133da963d2f8fb023cf0809ac39058f3595bdef139045ae1aefc64f
iDefense Security Advisory 05.07.08 - Remote exploitation of a BSS overflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP redirect request. This request is used to redirect an RDP connection from one server to another. When parsing the redirect request, the rdesktop client reads several 32-bit integers from the request packet. These integers are then used to control the number of bytes read into statically allocated buffers. This results in several buffers located in the BSS section being overflowed, which can lead to the execution of arbitrary code. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
855716896a32d6400b57357a313e7d5671bf6a07c1cef096372236c340ce9ea8