CVE-2008-5903 - Numeric Errors vulnerability in Xrdp

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, xrdp, CWE-189, nessus

Summary

Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member.

Vulnerable Configurations

Part          Description   Count
Application   Xrdp          5

Common Weakness Enumeration (CWE)

Nessus

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_1_XRDP-090121.NASL
description: This update fixes multiple buffer overflows that can be exploited remotely to execute arbitrary code. (CVE-2008-5902, CVE-2008-5903, CVE-2008-5904) Additionally xrdp does not register remote session as local anymore. Please note, the previous update was missing the patch.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40326
published: 2009-07-21
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/40326
title: openSUSE Security Update : xrdp (xrdp-458)