Full Report
Rdesktop before version 1.8.5 contains multiple out-of-bounds read vulnerabilities in its code, which result in a denial-of-service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5.
Analysis Summary
# Vulnerability: Multiple Out-of-Bounds Read Flaws in Rdesktop
## CVE Details
- **CVE ID:** CVE-2019-15682
- **CVSS Score:** 7.5 (High) - *Note: While the article text mentions 0.0, the provided CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and standard NVD ratings confirm 7.5 High.*
- **CWE:** CWE-125 (Out-of-bounds Read)
## Affected Systems
- **Products:** Rdesktop (Open-source Remote Desktop Protocol client)
- **Versions:** All versions prior to 1.8.5
- **Configurations:** Systems running Rdesktop to connect to remote RDP servers (vulnerability is triggered during the processing of session data).
## Vulnerability Description
Rdesktop contains multiple out-of-bounds read vulnerabilities within its source code. These flaws occur when the application does not check the boundaries of data buffers received over the network before reading from them. While parsing RDP protocol packets, the client may read memory beyond the allocated buffer; the resulting invalid memory access (typically a segmentation fault) crashes the client application.
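The following is an added example (not rdesktop's own code, which is not on this page) showing the defensive pattern that closes this class of bug: a remaining-bytes check before every read from a network buffer. It parses a hypothetical length-prefixed record (`u8 type`, `u16 little-endian length`, payload) over an in-memory stream; `stream_t` and `stream_check_rem` are assumed helper names, and the sample packets are constructed.

```c
/* Added example: bounds-checked parsing of a hypothetical length-prefixed
 * record, showing the check an RDP client must perform before each read. */
#include <stddef.h>
#include <stdint.h>

typedef struct {
    const uint8_t *p;    /* current read position */
    const uint8_t *end;  /* one past the last valid byte */
} stream_t;

/* Hypothetical helper: true only if n more bytes can be read safely. */
static int stream_check_rem(const stream_t *s, size_t n) {
    return (size_t)(s->end - s->p) >= n;
}

/* Record layout: u8 type, u16 little-endian length, payload[length].
 * Returns 1 on success; returns 0 if the buffer is too short at any step
 * (a naive parser skips the second check and reads past the buffer end). */
int parse_record(stream_t *s, uint8_t *type, size_t *payload_len) {
    if (!stream_check_rem(s, 3))            /* header: 1 + 2 bytes */
        return 0;
    *type = s->p[0];
    uint16_t len = (uint16_t)(s->p[1] | (s->p[2] << 8));
    s->p += 3;
    if (!stream_check_rem(s, len))          /* payload must fit in what is left */
        return 0;
    *payload_len = len;
    s->p += len;                            /* consume payload */
    return 1;
}

/* Parses records until the buffer is exhausted or a record fails its check;
 * returns the number of complete records accepted. */
int count_records(const uint8_t *buf, size_t buflen) {
    stream_t s = { buf, buf + buflen };
    int n = 0; uint8_t t; size_t l;
    while (s.p < s.end && parse_record(&s, &t, &l)) n++;
    return n;
}

/* Constructed samples: two well-formed records, then a record whose
 * declared length (100) exceeds the single byte that actually follows. */
int example_well_formed(void) {
    static const uint8_t pkt[] = { 1, 2, 0, 0xAA, 0xBB, 2, 0, 0 };
    return count_records(pkt, sizeof pkt);      /* 2 */
}
int example_truncated(void) {
    static const uint8_t pkt[] = { 1, 100, 0, 0xAA };
    return count_records(pkt, sizeof pkt);      /* 0: rejected, not read past end */
}
```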
## Exploitation
- **Status:** PoC available
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (The primary impact is a Denial-of-Service condition via application crash).
## Remediation
### Patches
- **Upgrade to Rdesktop version 1.8.5 or newer.** This version contains the necessary bounds-checking logic to prevent the out-of-bounds access.
### Workarounds
- **Trusted Connections:** Only use Rdesktop to connect to known, trusted RDP servers.
- **Network Segmentation:** Restrict outbound RDP traffic to authorized servers only to minimize the risk of connecting to a malicious or compromised host.
## Detection
- **Indicators of Compromise:** Frequent, unexplained crashes of the `rdesktop` process when attempting to establish or maintain a session.
- **Detection Methods and Tools:**
  - Use system log analysis (e.g., `dmesg` or `/var/log/syslog` on Linux) to identify segmentation faults related to the rdesktop binary.
  - Vulnerability scanners (e.g., Nessus, OpenVAS) can check the installed version of Rdesktop against the patched 1.8.5 baseline.
## References
- **Kaspersky ICS CERT Advisory:** hxxps[://]ics-cert[.]kaspersky[.]com/advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4/
- **NVD CVE-2019-15682:** hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2019-15682
- **Rdesktop GitHub Repository:** hxxps[://]github[.]com/rdesktop/rdesktop