Impact
Missing path canonicalization and base path check for drive channel
A malicious server can trick a FreeRDP based client to read files outside the shared directory
Patches
2.9.0
Workarounds
Do not use the /drive, /drives or +home-drive redirection switch
Issue Reporter
Reported by 'Team BT5 (BoB 11th)'
For more information
If you have any questions or comments about this advisory:
Impact
Missing path canonicalization and base path check for
drivechannelA malicious server can trick a FreeRDP based client to read files outside the shared directory
Patches
2.9.0
Workarounds
Do not use the
/drive,/drivesor+home-driveredirection switchIssue Reporter
Reported by 'Team BT5 (BoB 11th)'
For more information
If you have any questions or comments about this advisory: