[Xrdp-devel] xrdp - Common Vulnerabilities and Exposures

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[Xrdp-devel] xrdp - Common Vulnerabilities and Exposures

Tim Lank
Xrdp development Team,

Please reply about the status of xrdp resolving these vulnerabilities
and exposures....

    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5904
        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
        buffer overflow

    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5903
        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
        remote attackers can execute arbitrary code

    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5902
        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
        buffer overflow

AV:   Access vector = Network
AC:  Access Complexity (required attack complexity) = Low
Au:  Authentication Required to Exploit = none
C:  Confidentiality Impact = partial
I:  Integrity Impact = partial
A:  Availability Impact = partial

Thank you in advance for your assistance.

Tim Lank

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit.  See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
xrdp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
Reply | Threaded
Open this post in threaded view
|

Re: [Xrdp-devel] xrdp - Common Vulnerabilities and Exposures

Itamar Reis Peixoto
On Mon, Jun 21, 2010 at 3:27 PM, Tim Lank <[hidden email]> wrote:

> Xrdp development Team,
>
> Please reply about the status of xrdp resolving these vulnerabilities
> and exposures....
>
>    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5904
>        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
>        buffer overflow
>
>    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5903
>        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
>        remote attackers can execute arbitrary code
>
>    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5902
>        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
>        buffer overflow
>
> AV:   Access vector = Network
> AC:  Access Complexity (required attack complexity) = Low
> Au:  Authentication Required to Exploit = none
> C:  Confidentiality Impact = partial
> I:  Integrity Impact = partial
> A:  Availability Impact = partial
>
> Thank you in advance for your assistance.
>
> Tim Lank


I think most of the people are using the cvs version




--
------------

Itamar Reis Peixoto

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit.  See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
xrdp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
Reply | Threaded
Open this post in threaded view
|

Re: [Xrdp-devel] xrdp - Common Vulnerabilities and Exposures

Tim Lank
On Tue, Jun 22, 2010 at 6:39 PM, Itamar Reis Peixoto
<[hidden email]> wrote:

> On Mon, Jun 21, 2010 at 3:27 PM, Tim Lank <[hidden email]> wrote:
>> Xrdp development Team,
>>
>> Please reply about the status of xrdp resolving these vulnerabilities
>> and exposures....
>>
>>    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5904
>>        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
>>        buffer overflow
>>
>>    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5903
>>        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
>>        remote attackers can execute arbitrary code
>>
>>    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5902
>>        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
>>        buffer overflow
>>
>> AV:   Access vector = Network
>> AC:  Access Complexity (required attack complexity) = Low
>> Au:  Authentication Required to Exploit = none
>> C:  Confidentiality Impact = partial
>> I:  Integrity Impact = partial
>> A:  Availability Impact = partial
>>
>> Thank you in advance for your assistance.
>>
>> Tim Lank
>
>
> I think most of the people are using the cvs version
>
>
>
>
> --
> ------------
>
> Itamar Reis Peixoto
>

So are these resolved in the cvs version (i.e. post v0.4.1)?

Tim

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit.  See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
xrdp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
Reply | Threaded
Open this post in threaded view
|

Re: [Xrdp-devel] xrdp - Common Vulnerabilities and Exposures

Tim Lank
In reply to this post by Itamar Reis Peixoto
On Tue, Jun 22, 2010 at 6:39 PM, Itamar Reis Peixoto
<[hidden email]> wrote:

> On Mon, Jun 21, 2010 at 3:27 PM, Tim Lank <[hidden email]> wrote:
>> Xrdp development Team,
>>
>> Please reply about the status of xrdp resolving these vulnerabilities
>> and exposures....
>>
>>    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5904
>>        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
>>        buffer overflow
>>
>>    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5903
>>        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
>>        remote attackers can execute arbitrary code
>>
>>    .) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5902
>>        CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
>>        buffer overflow
>>
>> AV:   Access vector = Network
>> AC:  Access Complexity (required attack complexity) = Low
>> Au:  Authentication Required to Exploit = none
>> C:  Confidentiality Impact = partial
>> I:  Integrity Impact = partial
>> A:  Availability Impact = partial
>>
>> Thank you in advance for your assistance.
>>
>> Tim Lank
>
>
> I think most of the people are using the cvs version
>
>
>
>
> --
> ------------
>
> Itamar Reis Peixoto
>

So are these resolved in the cvs version (i.e. post v0.4.1)?

Tim

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit.  See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
xrdp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/xrdp-devel