Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2011-1595
Last Modified: 04 Apr 2013 11:01:01
Published: 24 May 2011 07:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: ADJACENT_NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2011-1595

Summary

Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.

Vulnerable Systems

Application

  • Rdesktop 1.0.0

  • Rdesktop 1.1.0

  • Rdesktop 1.2.0

  • Rdesktop 1.3.0

  • Rdesktop 1.3.1

  • Rdesktop 1.4.0

  • Rdesktop 1.4.1

  • Rdesktop 1.5.0

  • Rdesktop 1.6.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=676252

CONFIRM - http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download

CONFIRM - http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626

REDHAT - RHSA-2011:0506

UBUNTU - USN-1136-1

BID - 47419

MANDRIVA - MDVSA-2011:102

MLIST - [rdesktop-announce] 20110418 rdesktop 1.7.0 released

SECTRACK - 1025525

SECUNIA - 44881

FEDORA - FEDORA-2011-7697

FEDORA - FEDORA-2011-7694

FEDORA - FEDORA-2011-7688

SECUNIA - 51023

GENTOO - GLSA-201210-03


Last Updated: 27 May 2016 10:58:34