retitle 511641 xrdp: CVE-2008-590[2-4] arbitrary code execution
thanks

CVE-2008-5904 was also assigned. So we can sum this up as:

CVE-2008-5904[0]:
| The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in
| xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown
| impact via input data that sets crafted values for certain length
| variables, leading to a buffer overflow.

CVE-2008-5903[1]:
| Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c
| in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary
| code via vectors that manipulate the value of the edit_pos structure
| member.

CVE-2008-5902[2]:
| Buffer overflow in the xrdp_bitmap_invalidate function in
| xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers
| to execute arbitrary code via a crafted request.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5904
    http://security-tracker.debian.net/tracker/CVE-2008-5904
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5903
    http://security-tracker.debian.net/tracker/CVE-2008-5903
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5902
    http://security-tracker.debian.net/tracker/CVE-2008-5902

Cheers
Nico

--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.