CVE-2008-5903 - Numeric Errors vulnerability in Xrdp
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_1_XRDP-090121.NASL |
description | This update fixes multiple buffer overflows that can be exploited remotely to execute arbitrary code. (CVE-2008-5902, CVE-2008-5903, CVE-2008-5904) Additionally xrdp does not register remote session as local anymore. Please note, the previous update was missing the patch. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40326 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40326 |
title | openSUSE Security Update : xrdp (xrdp-458) |