CentOS 5 : rdesktop (CESA-2011:0506)

🗓️ 12 May 2011 00:00:00Reported by TenableType

Updated rdesktop package available for CentOS 5 and 6, fixes a directory traversal flaw

Reporter	Title	Published	Views	Family All 59
Cent OS	rdesktop security update	12 May 201103:05	–	centos
CVE	CVE-2011-1595	24 May 201123:00	–	cve
Cvelist	CVE-2011-1595	24 May 201123:00	–	cvelist
Debian CVE	CVE-2011-1595	24 May 201123:00	–	debiancve
Oracle linux	rdesktop security update	11 May 201100:00	–	oraclelinux
EUVD	EUVD-2011-1595	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 14 Update: rdesktop-1.6.0-11.fc14	9 Jun 201100:06	–	fedora
Fedora	[SECURITY] Fedora 13 Update: rdesktop-1.6.0-10.fc13	9 Jun 201100:04	–	fedora
Fedora	[SECURITY] Fedora 15 Update: rdesktop-1.6.0-12.fc15	4 Jun 201102:59	–	fedora
Tenable Nessus	Fedora 15 : rdesktop-1.6.0-12.fc15 (2011-7688)	6 Jun 201100:00	–	nessus

Source	Link
nessus	www.nessus.org/u
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2011:0506 and 
# CentOS Errata and Security Advisory 2011:0506 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(53871);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2011-1595");
  script_bugtraq_id(47419);
  script_xref(name:"RHSA", value:"2011:0506");

  script_name(english:"CentOS 5 : rdesktop (CESA-2011:0506)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An updated rdesktop package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

rdesktop is a client for the Remote Desktop Server (previously,
Terminal Server) in Microsoft Windows. It uses the Remote Desktop
Protocol (RDP) to remotely present a user's desktop.

A directory traversal flaw was found in the way rdesktop shared a
local path with a remote server. If a user connects to a malicious
server with rdesktop, the server could use this flaw to cause rdesktop
to read and write to arbitrary, local files accessible to the user
running rdesktop. (CVE-2011-1595)

Red Hat would like to thank Cendio AB for reporting this issue. Cendio
AB acknowledges an anonymous contributor working with the SecuriTeam
Secure Disclosure program as the original reporter.

Users of rdesktop should upgrade to this updated package, which
contains a backported patch to resolve this issue."
  );
  # https://lists.centos.org/pipermail/centos-announce/2011-May/017557.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?49b81e49"
  );
  # https://lists.centos.org/pipermail/centos-announce/2011-May/017558.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?caa11b24"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected rdesktop package."
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rdesktop");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-5", reference:"rdesktop-1.6.0-3.el5_6.2")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rdesktop");
}

04 Jan 2021 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 24.3

EPSS0.00325