CVE-2011-1595

Common Vulnerabilities and Exposures

Upstream information

CVE-2011-1595 at MITRE

Description

Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.

NVD CVSS v2 Base Score: 4.3 (AV:A/AC:H/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 689029

SUSE Security Advisories:

List of released packages

Product(s) / Fixed package version(s) / References

openSUSE 11.4 DEBUGINFO
  • rdesktop-debuginfo >= 1.6.0-46.47.1
  • rdesktop-debugsource >= 1.6.0-46.47.1

openSUSE 11.4
  • rdesktop >= 1.6.0-46.47.1

SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • rdesktop >= 1.6.0-39.6.2
  References: sle10-sp4-sdk.x86, sle10-sp4-sdk.ia64, sle10-sp4-sdk.ppc, sled10-sp4.x86, sle10-sp4-sdk.x86-64, sled10-sp4.x86-64, sle10-sp4-sdk.s390x, ZYPP Patch Nr: 7525

openSUSE 11.3
  • rdesktop-debuginfo >= 1.6.0-43.2.1
  • rdesktop-debugsource >= 1.6.0-43.2.1

openSUSE 11.3
  • rdesktop >= 1.6.0-43.2.1

SLE 11 SP1 DEBUGINFO
  • rdesktop-debuginfo >= 1.6.0-39.11.1
  • rdesktop-debugsource >= 1.6.0-39.11.1
  References: sled11-sp1.x86, sled11-sp1.x86-64, SAT Patch Nr: 4547

SUSE Linux Enterprise Desktop 11 SP1
  • rdesktop >= 1.6.0-39.11.1
  References: sled11-sp1.x86, sled11-sp1.x86-64, SAT Patch Nr: 4547

© 2014 Novell