GLSA Advocate

Posted: Fri Oct 19, 2012 12:26 am Post subject: [ GLSA 201210-03 ] rdesktop: Directory Traversal

Gentoo Linux Security Advisory
Title: rdesktop: Directory Traversal (GLSA 201210-03)
Severity: normal
Exploitable: remote
Date: October 18, 2012
Bug(s): #364191
ID: 201210-03
Synopsis
A vulnerability which allows a remote attacking server to read or
overwrite arbitrary files has been found in rdesktop.
Background
rdesktop is a Remote Desktop Protocol (RDP) Client.
Affected Packages
Package: net-misc/rdesktop
Vulnerable: < 1.7.0
Unaffected: >= 1.7.0
Architectures: All supported architectures
Description
A vulnerability has been discovered in rdesktop. Please review the CVE
identifier referenced below for details.
Impact
Remote RDP servers may be able to read or overwrite arbitrary files via
a .. (dot dot) in a pathname.
Workaround
There is no known workaround at this time.
Resolution
All rdesktop users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.7.0"
References
CVE-2011-1595
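
The Impact section describes a pathname from the remote server containing a .. (dot dot) component. The following is an added example, not rdesktop's code and not part of the advisory, of a client-side check that refuses such components before joining a peer-supplied path to a local base directory. The function name, the base directory and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: joins root and a peer-supplied path into out.
 * Returns 0 on success, -1 if any component is ".." or out is too small.
 * The check is lexical only; symlinks under root are not resolved here. */
int join_redirected_path(const char *root, const char *server_path,
                         char *out, size_t outlen)
{
    size_t n = strlen(root);
    const char *p = server_path;

    if (n + 1 > outlen)
        return -1;
    memcpy(out, root, n);
    out[n] = '\0';
    while (*p) {
        size_t len;
        /* Assumption: the peer may send '/' or '\\' as separator. */
        while (*p == '/' || *p == '\\')
            p++;
        len = strcspn(p, "/\\");
        if (len == 0)
            break;
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return -1;                      /* dot-dot component: refuse */
        if (!(len == 1 && p[0] == '.')) {   /* "." adds nothing, skip it */
            if (n + 1 + len + 1 > outlen)
                return -1;                  /* would overflow out */
            out[n++] = '/';
            memcpy(out + n, p, len);
            n += len;
            out[n] = '\0';
        }
        p += len;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample paths, not taken from the advisory. */
    const char *s[] = { "\\docs\\a.txt", "\\..\\..\\etc\\passwd",
                        "docs/../../x", "..txt" };
    char buf[256];
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        int rc = join_redirected_path("/home/user/share", s[i], buf, sizeof buf);
        printf("%-22s -> %s\n", s[i], rc == 0 ? buf : "(rejected)");
    }
    return 0;
}
```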