| |||||||||||||||||||
Pardus alert 2011-69 (rdesktop)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-69 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-05-02 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability have been fixed in rdesktop which allows writing, reading and listing the content of the directories, all transparently. Description =========== CVE-2011-1595: Directory Traversal vulnerability which affects an rDesktop client (I believe other products that use the same code will have the same issue), which will allow someone connecting to a compromised server (RDP server) or via a MITM vulnerability to access any file he desires on the user's computer. Affected packages: Pardus 2009: rdesktop, all before 1.7.0-5-5 Resolution ========== There are update(s) for rdesktop. You can update them via Package Manager or with a single command from console: pisi up rdesktop References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=17861 * https://bugzilla.redhat.com/show_bug.cgi?id=676252 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||