PT-2008-1023 · Rdesktop
Published 2008-05-12 · Updated 2024-06-15 · CVE-2008-1803
CVSS v2.0: 9.3 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
rdesktop versions prior to 1.6.0
rdesktop version 1.5.0
rdesktop version 1.4.1
Description
The issue concerns multiple vulnerabilities in the rdesktop package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can lead to arbitrary code execution via a heap-based overflow caused by an integer signedness error in the xrealloc function. This error is located in the rdesktop.c file and can be triggered by unknown parameters.

Recommendations
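The bug class named above (a signed length value reaching an allocation or copy routine) is easiest to see in code. The following is an added, hypothetical illustration written for this page; it is not rdesktop's xrealloc or any other rdesktop code, and the names MAX_LEN, parse_len_naive, parse_len_checked, as_alloc_size, checked_realloc and copy_field are assumed for the demonstration. It contrasts a bound check performed in signed arithmetic, which lets a negative length through, with a check that rejects negatives before any conversion to size_t.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical illustration of the integer signedness bug class described in
 * the advisory. None of this is rdesktop's own code; the names below are
 * assumptions made for the example. */

#define MAX_LEN 4096   /* constructed upper bound for a protocol field */

/* Naive bound check: the comparison happens in signed int, so a negative
 * length passes and only becomes huge once it is converted to size_t. */
int parse_len_naive(int len)
{
    if (len > MAX_LEN)
        return 0;          /* rejected */
    return 1;              /* accepted, including len < 0 */
}

/* Hardened check: reject negatives before any unsigned conversion and keep
 * the accepted range explicit. */
int parse_len_checked(int len)
{
    if (len < 0 || len > MAX_LEN)
        return 0;
    return 1;
}

/* Shows what an accepted negative length turns into when it reaches a size_t
 * parameter such as realloc()'s: -1 becomes SIZE_MAX. */
size_t as_alloc_size(int len)
{
    return (size_t)len;
}

/* Allocation wrapper taking an unsigned size. A zero-length request is
 * refused explicitly instead of relying on realloc(p, 0) semantics, and
 * failure is reported as NULL so the caller can handle it. */
void *checked_realloc(void *p, size_t size)
{
    if (size == 0)
        return NULL;
    return realloc(p, size);
}

/* Copies a field whose length came from the peer. Returns 1 on success and
 * 0 when the length is rejected or exceeds the destination capacity. */
int copy_field(const unsigned char *src, int len, unsigned char *dst, size_t dst_cap)
{
    if (!parse_len_checked(len) || (size_t)len > dst_cap)
        return 0;
    memcpy(dst, src, (size_t)len);
    return 1;
}

int main(void)
{
    printf("naive check accepts -1:   %d\n", parse_len_naive(-1));
    printf("checked check accepts -1: %d\n", parse_len_checked(-1));
    printf("-1 seen as size_t:        %zu\n", as_alloc_size(-1));
    return 0;
}
```

The point for reviewers and auditors is the type of the comparison, not the comparison itself: any length that may be negative must be rejected while it is still signed, and allocation wrappers should take an unsigned size and treat zero as an error rather than a valid request.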
For rdesktop versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue.
For rdesktop version 1.5.0, consider disabling the xrealloc function in rdesktop.c as a temporary workaround until a patch is available.
For rdesktop version 1.4.1, restrict access to the vulnerable package to minimize the risk of exploitation until a patch is available.
As a general mitigation measure, restrict access to the rdesktop package and its components to minimize the risk of exploitation.

Exploit
Fix
RCE
Affected Products
Red Hat
Rdesktop