Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:102 (rdesktop)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69679

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:102 (rdesktop)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to rdesktop
announced via advisory MDVSA-2011:102.

A vulnerability has been identified and fixed in rdesktop:

Directory traversal vulnerability in the disk_create function in
disk.c in rdesktop before 1.7.0, when disk redirection is enabled,
allows remote RDP servers to read or overwrite arbitrary files via
a .. (dot dot) in a pathname (CVE-2011-1595).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php\?cPath=149\&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:102

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1595
1025525
http://securitytracker.com/id?1025525
44881
http://secunia.com/advisories/44881
47419
http://www.securityfocus.com/bid/47419
51023
http://secunia.com/advisories/51023
FEDORA-2011-7688
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061170.html
FEDORA-2011-7694
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061309.html
FEDORA-2011-7697
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061316.html
GLSA-201210-03
http://security.gentoo.org/glsa/glsa-201210-03.xml
MDVSA-2011:102
http://www.mandriva.com/security/advisories?name=MDVSA-2011:102
RHSA-2011:0506
https://rhn.redhat.com/errata/RHSA-2011-0506.html
USN-1136-1
http://www.ubuntu.com/usn/USN-1136-1
[rdesktop-announce] 20110418 rdesktop 1.7.0 released
http://sourceforge.net/mailarchive/message.php?msg_id=27376554
http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626
http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download
https://bugzilla.redhat.com/show_bug.cgi?id=676252

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69679
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:102 (rdesktop)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to rdesktop announced via advisory MDVSA-2011:102. A vulnerability has been identified and fixed in rdesktop: Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname (CVE-2011-1595). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php\?cPath=149\&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:102 Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1595 1025525 http://securitytracker.com/id?1025525 44881 http://secunia.com/advisories/44881 47419 http://www.securityfocus.com/bid/47419 51023 http://secunia.com/advisories/51023 FEDORA-2011-7688 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061170.html FEDORA-2011-7694 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061309.html FEDORA-2011-7697 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061316.html GLSA-201210-03 http://security.gentoo.org/glsa/glsa-201210-03.xml MDVSA-2011:102 http://www.mandriva.com/security/advisories?name=MDVSA-2011:102 RHSA-2011:0506 https://rhn.redhat.com/errata/RHSA-2011-0506.html USN-1136-1 http://www.ubuntu.com/usn/USN-1136-1 [rdesktop-announce] 20110418 rdesktop 1.7.0 released http://sourceforge.net/mailarchive/message.php?msg_id=27376554 http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626 http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download https://bugzilla.redhat.com/show_bug.cgi?id=676252
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com