Posted: Fri Oct 19, 2012 12:26 am Post subject: [ GLSA 201210-03 ] rdesktop: Directory Traversal

Gentoo Linux Security Advisory
Title: rdesktop: Directory Traversal (GLSA 201210-03)
Date: October 18, 2012

A vulnerability which allows a remote attacking server to read or
overwrite arbitrary files has been found in rdesktop.

rdesktop is a Remote Desktop Protocol (RDP) Client.

Vulnerable: < 1.7.0
Unaffected: >= 1.7.0
Architectures: All supported architectures

A vulnerability has been discovered in rdesktop. Please review the CVE
identifier referenced below for details.

Remote RDP servers may be able to read or overwrite arbitrary files via
a .. (dot dot) in a pathname.

There is no known workaround at this time.

All rdesktop users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.7.0"
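
The impact statement above turns on a pathname supplied by the server containing a .. component. As an added example (not rdesktop's code and not part of the advisory), this C program shows the kind of client-side check that rejects such a path before it is joined to a local directory. The function names, the root `/srv/share`, the sample inputs, and the assumption that the peer may use either `/` or `\` as a separator are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the peer may send '/' or '\\' as the path separator. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Return 1 if any component of path is exactly "..", else 0. */
int has_dotdot_component(const char *path)
{
    const char *p = path;
    while (*p) {
        while (is_sep(*p)) p++;               /* skip a run of separators */
        const char *start = p;
        while (*p && !is_sep(*p)) p++;        /* scan one component */
        if (p - start == 2 && start[0] == '.' && start[1] == '.')
            return 1;
    }
    return 0;
}

/* Hypothetical helper: join a peer-supplied path onto a local root.
 * Returns 0 and fills out on success, -1 if rejected or too long. */
int join_under_root(const char *root, const char *peer_path, char *out, size_t outlen)
{
    if (has_dotdot_component(peer_path))
        return -1;
    while (is_sep(*peer_path)) peer_path++;   /* always relative to root */
    int n = snprintf(out, outlen, "%s/%s", root, peer_path);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                            /* truncated: refuse, do not use */
    for (char *c = out + strlen(root); *c; c++)
        if (*c == '\\') *c = '/';             /* normalise the peer's part only */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "docs\\report.txt", "..\\..\\outside.txt", "a/../b", "notes..bak", "/.." };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int rc = join_under_root("/srv/share", samples[i], buf, sizeof buf);
        printf("%-22s -> %s\n", samples[i], rc == 0 ? buf : "REJECTED");
    }
    return 0;
}
```

A lexical check like this does not cover symbolic links inside the shared directory; resolving the final path with `realpath()` and comparing it against the root covers that case.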