Bug 24797 - rdesktop security issues
Summary: rdesktop security issues
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-10 10:18 CEST by Stig-Ørjan Smelror
Modified: 2019-06-10 13:41 CEST (History)
2 users (show)

See Also:
Source RPM:
CVE:
Status comment: Version 1.8.5 pushed to Cauldron


Attachments

Description Stig-Ørjan Smelror 2019-05-10 10:18:22 CEST
This is a security release to address various buffer overflow and overrun issues in the rdesktop protocol handling. rdesktop will now detect any attempts to access invalid areas and refuse to continue. Users are advised to upgrade as soon as possible.

A big thank you to Kaspersky Lab and National Cyber Security Centre for identifying these issues.

https://github.com/rdesktop/rdesktop/releases/tag/v1.8.5
Stig-Ørjan Smelror 2019-05-10 10:18:47 CEST

Status comment: (none) => Fixed upstream in 1.8.5

Comment 1 Stig-Ørjan Smelror 2019-05-10 10:35:45 CEST
Advisory
========
This is a security release to address various buffer overflow and overrun issues in the rdesktop protocol handling identified by Kaspersky Lab and National Cyber Security Centre.

rdesktop will now detect any attempts to access invalid areas and refuse to continue.


References
==========
https://github.com/rdesktop/rdesktop/releases/tag/v1.8.5

Files
=====

Uploaded to core/updates_testing

rdesktop-1.8.5-1.mga6
from rdesktop-1.8.5-1.mga6.src.rpm

Status comment: Fixed upstream in 1.8.5 => Version 1.8.5 pushed to Cauldron
Assignee: smelror => qa-bugs

Comment 2 Len Lawrence 2019-05-12 18:15:01 CEST
Had endless problems with getting this to run properly in a previous update.  Trying the program before updating.
Selected a target machine - canopus:
Installed xrdp on canopus.
# urpmi xrdp
1/3: vnc-server-common     #############################################
      2/3: tigervnc-server       #############################################
      3/3: xrdp                  #############################################
Generating a RSA private key
.....................................................................................................................................................................+++++
.................................................................................+++++
writing new private key to '/etc/pki/tls/private/xrdp.pem'

# systemctl start xrdp
# systemctl enable xrdp
# systemctl status xrdp
● xrdp.service - xrdp daemon
   Loaded: loaded (/usr/lib/systemd/system/xrdp.service; enabled; vendor preset:
   Active: active (running) since Sun 2019-05-12 16:26:26 BST; 18s ago
     Docs: man:xrdp(8)
           man:xrdp.ini(5)
 Main PID: 9843 (xrdp)
   CGroup: /system.slice/xrdp.service
           └─9843 /usr/sbin/xrdp --nodaemon

May 12 16:26:26 canopus systemd[1]: Started xrdp daemon.
May 12 16:26:26 canopus xrdp[9843]: (9843)(140305489258624)[INFO ] starting xrdp with pid 9843
May 12 16:26:26 canopus xrdp[9843]: (9843)(140305489258624)[INFO ] listening to port 3389 on 0.0.0.0

Back on local machine:
$ rdesktop -u lcl -d localhost.localdomain -n canopus server 
Autoselected keyboard map en-gb
ERROR: server: unable to connect

Earlier this had been tried:
$ rdesktop server
and a gui popped up.  Clicking connect allowed the target host to be specified, with a username and password for ssh.  That produced a terminal screen for canopus - just like logging in over ssh.  No sign of X.  Exited from that.  Any subsequent attempts to use rdesktop server resulted in "unable to connect".

What we really need is a guide for muffins.  How for instance do you get back to square one?  There is probably a way to select RDP - I imagined that the ssh part was just for authentication but maybe not.

CC: (none) => tarazed25

Comment 3 Len Lawrence 2019-05-12 18:18:05 CEST
Tried removing rdesktop and reinstalling but that had no effect.  'rdesktop server' would not raise the gui.
Comment 4 Len Lawrence 2019-05-12 18:37:18 CEST
Started xrdp service on local machine, modified sesman.ini and started xrdp-sesman service.
$ rdesktop server
No gui...
Comment 5 Len Lawrence 2019-05-12 18:56:12 CEST
From an older bug:
$ rdesktop -u lcl canopus:3389
Autoselected keyboard map en-gb
Connection established using SSL.

That brought up a blank cyan panel which failed to respond to mouse-clicks or keyboard events.
Tried again but chose Xvnc instead of Xorg.  That showed a remote desktop with a konsole and a couple of messages about firefox and Plasma unable to start because of OpenGL 2 problem.
Tried again with the -f fullscreen option, which worked for the gui but failed to show the target desktop at full size.  There was no way to exit - required a remote login from the target machine to kill it.  Investigating the xrdp configuration files....
Comment 6 Len Lawrence 2019-05-12 19:11:19 CEST
Updated rdesktop for mga6, x86_64.

Tried this command:
$ rdesktop -u lcl -g 2560x1440 canopus:3389
Autoselected keyboard map en-gb
Connection established using SSL.
WARNING: Remote desktop changed from 2560x1440 to 800x600.
/dev/dsp: No such file or directory
NOT IMPLEMENTED: data PDU 40
NOT IMPLEMENTED: RDPDR pakid 0x554c of component 0x4472

It worked perfectly for the gui but snapped back to 800x600 for the desktop.  Maybe something needs to be configured at the remote end?  Xvnc maybe - unknown territory again.
Comment 7 Herman Viaene 2019-06-10 12:04:27 CEST
MGA6-32 MATE on IBM-Thinkpad R50e
No installation issues.
Made sure that xrdp is installed and runs on desktop on LAN and port 3389 is opened.
At CLI:
$ rdesktop mach1
Autoselected keyboard map nl-be
Connection established using SSL.
/dev/dsp: Bestand of map bestaat niet
NOT IMPLEMENTED: RDPDR pakid 0x554c of component 0x4472

I get the login screen for the desktop PC, but then a message appears that Plasma (is the default on the desktop PC) needs OpenGL2, but this laptop only supports OpenGL1.3.
If I find some time, I'll try to run Xfce on the desktop PC and check if that makes any difference.

CC: (none) => herman.viaene

Comment 8 Herman Viaene 2019-06-10 13:41:27 CEST
Running Xfce on the remote desktop PC. After logging in, all I get is a black screen with a mouse pointer. No reaction on mouse or keyboard operations.

Note You need to log in before you can comment on or make changes to this bug.