rdesktop: Directory Traversal — GLSA 201210-03

A vulnerability which allows a remote attacking server to read or overwrite arbitrary files has been found in rdesktop.

Affected Packages

net-misc/rdesktop on all architectures
Affected versions < 1.7.0
Unaffected versions >= 1.7.0

Background

rdesktop is a Remote Desktop Protocol (RDP) Client.

Description

A vulnerability has been discovered in rdesktop. Please review the CVE identifier referenced below for details.

Impact

Remote RDP servers may be able to read or overwrite arbitrary files via a .. (dot dot) in a pathname.

Workaround

There is no known workaround at this time.

Resolution

All rdesktop users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.7.0"
 

References

Release Date
October 18, 2012

Latest Revision
October 18, 2012: 1

Severity
normal

Exploitable
remote

Bugzilla entries