#VU45030 Path traversal in rdesktop


Published: 2011-05-25 | Updated: 2020-08-11

Vulnerability identifier: #VU45030

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2011-1595

CWE-ID: CWE-22

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
rdesktop
Server applications / Other server solutions

Vendor: rdesktop.org

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled,. A remote authenticated attacker can send a specially crafted HTTP request and remote RDP servers to read or overwrite arbitrary files via a . (dot dot) in a pathname.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

rdesktop: 1.0.0 - 1.5.0

External links
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061170.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061309.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061316.html
http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626
http://secunia.com/advisories/44881
http://secunia.com/advisories/51023
http://security.gentoo.org/glsa/glsa-201210-03.xml
http://securitytracker.com/id?1025525
http://sourceforge.net/mailarchive/message.php?msg_id=27376554
http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download
http://www.mandriva.com/security/advisories?name=MDVSA-2011:102
http://www.securityfocus.com/bid/47419
http://www.ubuntu.com/usn/USN-1136-1
http://bugzilla.redhat.com/show_bug.cgi?id=676252
http://rhn.redhat.com/errata/RHSA-2011-0506.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for rdesktop
Path traversal in rdesktop
Slackware Linux update for rdesktop