Allele Security Alert
ASA-2019-00055
Identifier(s)
ASA-2019-00055, CVE-2018-8799
Title
Out-of-bounds read in function process_secondary_order()
Vendor(s)
rdesktop team
Product(s)
rdesktop
Affected version(s)
rdesktop versions up to and including v1.8.3
Fixed version(s)
rdesktop v1.8.4
Proof of concept
Unknown
Description
rdesktop versions up to and including v1.8.3 contain an out-of-bounds read in function process_secondary_order() that results in a denial of service (segfault).
Technical details
Unknown
Credits
Eyal Itkin (Checkpoint Research)
Reference(s)
Reverse RDP Attack: Code Execution on RDP Clients
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Updated ChangeLog and bumped version to 1.8.4
https://github.com/rdesktop/rdesktop/commit/34b8a18fe5d4de795851defe34b3ad3e1f43532b
CVE-2018-8799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8799
CVE-2018-8799
https://nvd.nist.gov/vuln/detail/CVE-2018-8799
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 11, 2019