Lucene search

Gentoo FoundationGLSA-201210-03

HistoryOct 18, 2012 - 12:00 a.m.

rdesktop: Directory Traversal

2012-10-1800:00:00

Gentoo Foundation

security.gentoo.org

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.5%

JSON

Background

rdesktop is a Remote Desktop Protocol (RDP) Client.

Description

A vulnerability has been discovered in rdesktop. Please review the CVE identifier referenced below for details.

Impact

Remote RDP servers may be able to read or overwrite arbitrary files via a … (dot dot) in a pathname.

Workaround

There is no known workaround at this time.

Resolution

All rdesktop users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-misc/rdesktop-1.7.0"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/rdesktop< 1.7.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-misc/rdesktop	< 1.7.0	UNKNOWN

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for GLSA-201210-03