CVE-2011-1595
Published May 24, 2011
Last updated 12 years ago
Overview
- Description: Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 4.3
- Impact score: 6.4
- Exploitability score: 3.2
- Vector string: AV:A/AC:H/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: CWE-22
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:rdesktop:rdesktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05990EC-421A-4C0B-A3C4-3320136EF595", "versionEndIncluding": "1.6.0" }, { "criteria": "cpe:2.3:a:rdesktop:rdesktop:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B35283A-5FE5-444E-8D5C-866AE976F85B" }, { "criteria": "cpe:2.3:a:rdesktop:rdesktop:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C48F188B-1B37-4FEE-9D29-4CC161136898" }, { "criteria": "cpe:2.3:a:rdesktop:rdesktop:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A36738D2-D955-475D-8566-B4E41999F67E" }, { "criteria": "cpe:2.3:a:rdesktop:rdesktop:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "494305B7-B2CF-49F5-A86A-66AA3FDB1419" }, { "criteria": "cpe:2.3:a:rdesktop:rdesktop:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26114425-4477-45D0-955B-380B9C47B4C6" }, { "criteria": "cpe:2.3:a:rdesktop:rdesktop:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "950D9B9E-2B0E-4EAE-A867-D39D061CBB0A" }, { "criteria": "cpe:2.3:a:rdesktop:rdesktop:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AFEAB76-72CA-4C54-A271-98A88AC5A4FE" }, { "criteria": "cpe:2.3:a:rdesktop:rdesktop:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B97D70B-2614-4EDB-A74E-217E42076C66" } ], "operator": "OR" } ] } ]