PT-2011-1129 · Rdesktop+1

Henrik Andersson +1 · Published 2011-05-11 · Updated 2013-04-05 · CVE-2011-1595

CVSS v2.0: 4.3 (Medium)

Vector: AV:A/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: rdesktop versions prior to 1.7.0

Description: The issue is a directory traversal vulnerability in the disk_create function in disk.c when disk redirection is enabled. It allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname. The vulnerability can lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations: For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider disabling disk redirection to minimize the risk of exploitation. Restrict access to the disk_create function in disk.c until a patch is available. Avoid using the disk_create function when disk redirection is enabled until the issue is resolved.
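
The class of check that closes this kind of flaw, as an added example that is not rdesktop's code or its 1.7.0 fix: an RDP client rejects any server-supplied path containing a `..` component before joining it to the redirected directory. The function names, the share root `/home/user/share` and the request paths are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if no component of a server-supplied path is "..".
 * Both '/' and '\\' are separators: RDP peers send Windows-style paths. */
static int path_has_no_dotdot(const char *path)
{
    const char *p = path;
    while (*p) {
        size_t len = strcspn(p, "/\\");      /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
        if (*p) p++;                          /* skip one separator */
    }
    return 1;
}

/* Join a local export root with the path requested by the server
 * (hypothetical helper). Returns 0 on success, -1 if rejected or too long. */
static int build_redirected_path(const char *root, const char *requested,
                                 char *out, size_t outlen)
{
    size_t i; int n;
    if (!path_has_no_dotdot(requested))
        return -1;
    while (*requested == '/' || *requested == '\\')
        requested++;                          /* keep the join relative */
    n = snprintf(out, outlen, "%s/%s", root, requested);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    for (i = strlen(root); out[i]; i++)       /* normalise separators */
        if (out[i] == '\\')
            out[i] = '/';
    return 0;
}

int main(void)
{
    char buf[256];
    const char *req[] = { "\\docs\\report.txt", "\\..\\..\\etc\\passwd",
                          "docs/../../secret", "notes..txt" };  /* constructed */
    for (size_t i = 0; i < 4; i++) {
        int ok = build_redirected_path("/home/user/share", req[i], buf, sizeof buf) == 0;
        printf("%-24s -> %s\n", req[i], ok ? buf : "REJECTED");
    }
    return 0;
}
```

The check is purely lexical: a symbolic link inside the shared directory can still point outside it, so resolving the final path and confirming it remains under the root is a separate safeguard.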

Exploit

Fix

Path traversal

Weakness Enumeration

Related identifiers

BDU:2015-06862
BDU:2015-06863
BDU:2015-08740
BDU:2015-08741
BDU:2015-09655
CVE-2011-1595
RHSA-2011:0506
RHSA-2011_0506

Affected products

Red Hat
Rdesktop