CVE-2018-8794: Integer Overflow
First published: Tue Feb 05 2019(Updated: )
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
Credit: cve@checkpoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/rdesktop | 1.8.6-2 1.9.0-2 | |
| Ubuntu Desktop File Utils | <=1.8.3 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| SUSE Linux | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2
- https://security-tracker.debian.org/tracker/CVE-2018-8794
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html
- http://www.securityfocus.com/bid/106938
- https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1
- https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html
- https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
- https://security.gentoo.org/glsa/201903-06
- https://www.debian.org/security/2019/dsa-4394
Frequently Asked Questions
What is the severity of CVE-2018-8794?
CVE-2018-8794 is classified as a critical vulnerability due to the potential for remote code execution and memory corruption.
How do I fix CVE-2018-8794?
To fix CVE-2018-8794, update rdesktop to version 1.8.6-2 or later, or 1.9.0-2 or later depending on your system.
What will happen if I leave CVE-2018-8794 unpatched?
Leaving CVE-2018-8794 unpatched may allow an attacker to exploit the integer overflow, leading to memory corruption and potentially taking control of the affected system.
Which versions of rdesktop are affected by CVE-2018-8794?
Versions of rdesktop up to and including v1.8.3 are affected by CVE-2018-8794.
Is CVE-2018-8794 present in Debian Linux distributions?
Yes, CVE-2018-8794 affects Debian Linux versions 8.0 and 9.0 when using the vulnerable rdesktop package.
- collector/security-tracker-debian
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/remedy
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/rdesktop
- canonical/ubuntu desktop file utils
- version/ubuntu desktop file utils/1.8.3
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.1