4.3 - GLSA-201210-03

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	rdesktop: Directory Traversal

Informations
Name	GLSA-201210-03	First vendor Publication	2012-10-18
Vendor	Gentoo	Last vendor Modification	2012-10-18
Severity (Vendor)	Normal	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.3	Attack Range	Adjacent network
Cvss Impact Score	6.4	Attack Complexity	High
Cvss Expoit Score	3.2	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

A vulnerability which allows a remote attacking server to read or overwrite arbitrary files has been found in rdesktop.

Background

rdesktop is a Remote Desktop Protocol (RDP) Client.

Description

A vulnerability has been discovered in rdesktop. Please review the CVE identifier referenced below for details.

Impact

Remote RDP servers may be able to read or overwrite arbitrary files via a .. (dot dot) in a pathname.

Workaround

There is no known workaround at this time.

Resolution

All rdesktop users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.7.0"

References

[ 1 ] CVE-2011-1595 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1595

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201210-03.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201210-03.xml

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13823

Oval ID:	oval:org.mitre.oval:def:13823
Title:	USN-1136-1 -- rdesktop vulnerability
Description:	rdesktop: RDP client for Windows NT/2000 Terminal Server An attacker could access your files if rdesktop connected to a malicious server.
Family:	unix	Class:	patch
Reference(s):	USN-1136-1 CVE-2011-1595	Version:	5
Platform(s):	Ubuntu 10.10 Ubuntu 10.04	Product(s):	rdesktop
Definition Synopsis:
Release section Ubuntu 10.10 is installed AND Installed architecture is all AND rdesktop DPKG is earlier than 1.6.0-3ubuntu2.1 OR Release section Ubuntu 10.04 is installed AND Installed architecture is all AND rdesktop DPKG is earlier than 1.6.0-2ubuntu3.1

Definition Id: oval:org.mitre.oval:def:21920

Oval ID:	oval:org.mitre.oval:def:21920
Title:	RHSA-2011:0506: rdesktop security update (Moderate)
Description:	Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0506-01 CVE-2011-1595 CESA-2011:0506-CentOS 5	Version:	6
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	rdesktop
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x AND rdesktop is earlier than 0:1.6.0-3.el5_6.2 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section rdesktop is earlier than 0:1.6.0-8.el6_0.1 AND rdesktop-debuginfo is earlier than 0:1.6.0-8.el6_0.1

Definition Id: oval:org.mitre.oval:def:23586

Oval ID:	oval:org.mitre.oval:def:23586
Title:	ELSA-2011:0506: rdesktop security update (Moderate)
Description:	Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0506-01 CVE-2011-1595	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	rdesktop
Definition Synopsis:
rdesktop is earlier than 0:1.6.0-8.el6_0.1 AND Oracle Linux 6.x

Definition Id: oval:org.mitre.oval:def:27640

Oval ID:	oval:org.mitre.oval:def:27640
Title:	DEPRECATED: ELSA-2011-0506 -- rdesktop security update (moderate)
Description:	[1.6.0-8.1] - Prevent remote file access (#676252)
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0506 CVE-2011-1595	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	rdesktop
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x AND rdesktop is earlier than 0:1.6.0-3.el5_6.2 AND Oracle Linux 6 release section Oracle Linux 6.x AND rdesktop is earlier than 0:1.6.0-8.el6_0.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Rdesktop cpe:2.3:a:rdesktop:rdesktop:1.5.0:::::::* cpe:2.3:a:rdesktop:rdesktop:1.4.1:::::::* cpe:2.3:a:rdesktop:rdesktop:1.4.0:::::::* cpe:2.3:a:rdesktop:rdesktop:1.3.1:::::::* cpe:2.3:a:rdesktop:rdesktop:1.3.0:::::::* cpe:2.3:a:rdesktop:rdesktop:1.2.0:::::::* cpe:2.3:a:rdesktop:rdesktop:1.1.0:::::::* cpe:2.3:a:rdesktop:rdesktop:1.0.0:::::::*	8

OpenVAS Exploits

Date	Description
2012-10-22	Name : Gentoo Security Advisory GLSA 201210-03 (rdesktop) File : nvt/glsa_201210_03.nasl
2012-07-30	Name : CentOS Update for rdesktop CESA-2011:0506 centos5 x86_64 File : nvt/gb_CESA-2011_0506_rdesktop_centos5_x86_64.nasl
2011-08-09	Name : CentOS Update for rdesktop CESA-2011:0506 centos5 i386 File : nvt/gb_CESA-2011_0506_rdesktop_centos5_i386.nasl
2011-07-12	Name : Fedora Update for rdesktop FEDORA-2011-7688 File : nvt/gb_fedora_2011_7688_rdesktop_fc15.nasl
2011-06-10	Name : Fedora Update for rdesktop FEDORA-2011-7694 File : nvt/gb_fedora_2011_7694_rdesktop_fc13.nasl
2011-06-10	Name : Fedora Update for rdesktop FEDORA-2011-7697 File : nvt/gb_fedora_2011_7697_rdesktop_fc14.nasl
2011-06-03	Name : Mandriva Update for rdesktop MDVSA-2011:102 (rdesktop) File : nvt/gb_mandriva_MDVSA_2011_102.nasl
2011-06-03	Name : Ubuntu Update for rdesktop USN-1136-1 File : nvt/gb_ubuntu_USN_1136_1.nasl
2011-05-17	Name : RedHat Update for rdesktop RHSA-2011:0506-01 File : nvt/gb_RHSA-2011_0506-01_rdesktop.nasl
0000-00-00	Name : Slackware Advisory SSA:2011-110-01 rdesktop File : nvt/esoft_slk_ssa_2011_110_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
72301	rdesktop Disk Redirection Traversal Arbitrary File Manipulation rdesktop contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the disk redirection feature not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to manipulate arbitrary files.

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_rdesktop-110512.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_rdesktop-110512.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0506.nasl - Type : ACT_GATHER_INFO
2012-10-19	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201210-03.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20110511_rdesktop_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_rdesktop-7525.nasl - Type : ACT_GATHER_INFO
2011-06-13	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1136-1.nasl - Type : ACT_GATHER_INFO
2011-06-09	Name : The remote Fedora host is missing a security update. File : fedora_2011-7694.nasl - Type : ACT_GATHER_INFO
2011-06-09	Name : The remote Fedora host is missing a security update. File : fedora_2011-7697.nasl - Type : ACT_GATHER_INFO
2011-06-06	Name : The remote Fedora host is missing a security update. File : fedora_2011-7688.nasl - Type : ACT_GATHER_INFO
2011-05-31	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-102.nasl - Type : ACT_GATHER_INFO
2011-05-25	Name : The remote SuSE 11 host is missing a security update. File : suse_11_rdesktop-110512.nasl - Type : ACT_GATHER_INFO
2011-05-12	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0506.nasl - Type : ACT_GATHER_INFO
2011-05-12	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0506.nasl - Type : ACT_GATHER_INFO
2011-04-22	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-110-01.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:37:37	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	4
CPE ID(s)	8
osvdb(s)	1
Openvas Exploit(s)	10
Nessus® Exploit(s)	15

	Related
4.3	CVE-2011-1595
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)