rdesktop security update
A malicious server could access any file on clients
connecting to it if the client shared some ressource
(CVE-2011-1595).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4545
Fixed bugs
bnc#689029
VUL-0: rdesktop arbitrary file access
bnc#578859
rdesktop session uses icon with red X
CVE#CVE-2011-1595
Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.
