In association with heise online

08 May 2008, 12:13

Vulnerabilities in rdesktop allow injected code

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider iDefense has reported three security holes in the open source rdesktop project client that allow attackers to foist malicious code on users, for example via a manipulated Remote Desktop Protocol (RDP) server. The rdesktop client is used on Unix operating systems to access Windows Terminal Servers using RDP.

The function xrealloc() carries out a signed comparison test to determine whether a requested allocation size is less than 1 and, if necessary, corrects the size to 1. That can make the reserved memory area too small, resulting in a buffer overflow and execution of injected code. The second vulnerability can be exploited when parsing crafted redirect requests, because the rdesktop client uses several unchecked 32-bit integers from the redirect packet for copying operations into fixed-size buffers. Here too any buffer overflows that occur can lead to the execution of injected code. A heap-based buffer overflow can also occur during the processing of manipulated RDP packets. The rdesktop client uses a 16-bit integer from the packet, subtracts 4 from it and uses the result as the size of a buffer for a copying operation, but an integer underflow may result causing an undersize buffer to be allocated.

The flaws affect rdesktop client's current stable version 1.5.0, and possibly its older versions. The developers have however already eliminated the vulnerabilities in their version control system. Users of the rdesktop client should not accept invitations from strangers to an RDP session. If users have to connect to RDP servers that could be open to manipulation, they should as a minimum download the current source code from the CVS and recompile the client.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-736159
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit