Описание
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
Отчет
The severity of this issue is considered moderate rather than important because successful exploitation requires the gnome-remote-desktop service to be actively configured and running in RDP mode, which is not enabled by default in most deployments. While the attack can be performed remotely and without authentication, it relies on sending specially crafted RDP packets that exploit a resource handling flaw, resulting in excessive consumption of system file descriptors and eventual denial of service. However, the vulnerability does not enable code execution, privilege escalation, or compromise of data integrity or confidentiality. The impact is therefore confined to service disruption rather than a direct security breach. Additionally, the attack vector involves sustained resource abuse over time, requiring specific environmental conditions, such as systemd-managed user services with elevated file descriptor limits. This further limits the exploitability in default or hardened configurations. As such, the potential for widespread exploitation is constrained by the need for non-default service activation and prolonged interaction, reducing its overall security impact when compared to vulnerabilities that offer immediate compromise or broader applicability across system roles.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gnome-remote-desktop | Affected | ||
| Red Hat Enterprise Linux 8 | gnome-remote-desktop | Affected | ||
| Red Hat Enterprise Linux 9 | gnome-remote-desktop | Affected |
Показывать по
Дополнительная информация
Статус:
7.4 High
CVSS3
Связанные уязвимости
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop li ...
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
Уязвимость пакета для удаленного подключения к компьютеру GNOME Remote Desktop, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
7.4 High
CVSS3