rdp clients - "reverse" (server->client) attacks

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

rdp clients - "reverse" (server->client) attacks

Stuart Henderson-6

----- Forwarded message from Stuart Henderson <[hidden email]> -----

From: Stuart Henderson <[hidden email]>
Date: Wed, 6 Feb 2019 07:22:39 -0700 (MST)
To: [hidden email]
Subject: CVS: cvs.openbsd.org: ports

Module name: ports
Changes by: [hidden email] 2019/02/06 07:22:39

Modified files:
        x11/rdesktop   : Makefile distinfo
Removed files:
        x11/rdesktop/patches: patch-rdpdr_c

Log message:
security update to rdesktop-1.8.4
info at https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/

----- End forwarded message -----

Note that xfreerdp is also affected by issues mentioned in this writeup
and has received fixes upstream in 2.00rc4, but we are currently stuck at
rc1 as newer versions require timerfd_create().