CVE-2011-1595

Publication date 19 May 2011

Last updated 24 July 2024

Ubuntu priority

Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
rdesktop	11.04 natty	Fixed 1.6.0-3ubuntu4.1
	10.10 maverick	Fixed 1.6.0-3ubuntu2.1
	10.04 LTS lucid	Fixed 1.6.0-2ubuntu3.1
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?
Patch details

Notes

jdstrand

PoC in bug

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
rdesktop	Upstream: http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1136-1
rdesktop vulnerability
25 May 2011

Other references

https://rhn.redhat.com/errata/RHSA-2011-0506.html
https://www.cve.org/CVERecord?id=CVE-2011-1595