CVE-2011-1595

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
24/05/2011
Last modified:
11/04/2025

Description

Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:rdesktop:rdesktop:*:*:*:*:*:*:*:* 1.6.0 (including)
cpe:2.3:a:rdesktop:rdesktop:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rdesktop:rdesktop:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rdesktop:rdesktop:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rdesktop:rdesktop:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:rdesktop:rdesktop:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rdesktop:rdesktop:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:rdesktop:rdesktop:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rdesktop:rdesktop:1.5.0:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools