Bug#964573: xrdp: CVE-2020-4044
Source: xrdp
Version: CVE-2020-4044
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for xrdp.
CVE-2020-4044[0]:
| The xrdp-sesman service before version 0.9.13.1 can be crashed by
| connecting over port 3350 and supplying a malicious payload. Once the
| xrdp-sesman process is dead, an unprivileged attacker on the server
| could then proceed to start their own imposter sesman service
| listening on port 3350. This will allow them to capture any user
| credentials that are submitted to XRDP and approve or reject arbitrary
| login credentials. For xorgxrdp sessions in particular, this allows an
| unauthorized user to hijack an existing session. This is a buffer
| overflow attack, so there may be a risk of arbitrary code execution as
| well.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-4044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044
[1] https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
[2] https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore