
Bug#964573: marked as done (xrdp: CVE-2020-4044)



Your message dated Fri, 24 Jul 2020 16:04:50 +0000
with message-id <E1jz0Bm-0005AH-RQ@fasolo.debian.org>
and subject line Bug#964573: fixed in xrdp 0.9.12-1.1
has caused the Debian Bug report #964573,
regarding xrdp: CVE-2020-4044
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
964573: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964573
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xrdp
Version: CVE-2020-4044
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for xrdp.

CVE-2020-4044[0]:
| The xrdp-sesman service before version 0.9.13.1 can be crashed by
| connecting over port 3350 and supplying a malicious payload. Once the
| xrdp-sesman process is dead, an unprivileged attacker on the server
| could then proceed to start their own imposter sesman service
| listening on port 3350. This will allow them to capture any user
| credentials that are submitted to XRDP and approve or reject arbitrary
| login credentials. For xorgxrdp sessions in particular, this allows an
| unauthorized user to hijack an existing session. This is a buffer
| overflow attack, so there may be a risk of arbitrary code execution as
| well.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-4044
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044
[1] https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
[2] https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xrdp
Source-Version: 0.9.12-1.1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
xrdp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 964573@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated xrdp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 Jul 2020 17:11:20 +0200
Source: xrdp
Architecture: source
Version: 0.9.12-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 964573
Changes:
 xrdp (0.9.12-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * xrdp-sesman can be crashed remotely over port 3350 (CVE-2020-4044)
     (Closes: #964573)
   * Fixed CVE-2020-4044 CI errors
Checksums-Sha1: 
 1667381e89fa178aa8295f45184a8e48c6166032 2411 xrdp_0.9.12-1.1.dsc
 9d12e0b6bd77e2c2a34a8b5d561bf5938b34442c 28176 xrdp_0.9.12-1.1.debian.tar.xz
Checksums-Sha256: 
 1eada96f22b21b00bb1a07ccb1d1d03f5a7270e21b39eb1d192fbc374c35f495 2411 xrdp_0.9.12-1.1.dsc
 6df4f2956fb3ee9b952888efca74af0dd79c553c8341b641ac4527f6f7547f05 28176 xrdp_0.9.12-1.1.debian.tar.xz
Files: 
 f8ac1099c66724d15cc57cace2d634e2 2411 net optional xrdp_0.9.12-1.1.dsc
 d9723a12dba5a2abbfcd46cc07694e75 28176 net optional xrdp_0.9.12-1.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
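The two messages above give two different "fixed" version strings for the same CVE: upstream says "before version 0.9.13.1", while Debian unstable shipped the fix as a patch on top of 0.9.12 in the NMU 0.9.12-1.1. A scanner that compares only the upstream part of the package version would therefore flag the patched Debian package as still vulnerable. The following added example (not Debian's or xrdp's own code) reimplements dpkg's version-ordering rules in Python so the comparison runs anywhere, and shows the naive upstream-only check beside the check against the Debian fix version. Both thresholds are assumptions taken from this page; the 0.9.12-1.1 threshold is only meaningful for the unstable/testing lineage, and for other Debian suites the security tracker linked above is authoritative.

```python
"""Check whether an installed xrdp version predates the CVE-2020-4044 fix.

Added example, not Debian's or xrdp's own code. Reimplements the dpkg
version ordering (epoch, upstream, Debian revision; '~' sorts before
everything, including end of string) and compares against the fix
versions named on this page. Thresholds are assumptions from the page:
0.9.13.1 upstream (CVE text) and 0.9.12-1.1 for Debian unstable
(the NMU changelog). Other suites carry the fix under other versions.
"""
import subprocess

FIXED_UPSTREAM = "0.9.13.1"    # "before version 0.9.13.1" in the CVE text
FIXED_DEBIAN = "0.9.12-1.1"    # NMU in the changelog on this page (unstable)

DIGITS = "0123456789"


def _order(c):
    """Character weight as in dpkg: digits 0, letters by code point,
    '~' below everything (even end of string), other punctuation above."""
    if c in DIGITS:
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    if c:
        return ord(c) + 256
    return 0  # end of string


def _verrevcmp(a, b):
    """dpkg's verrevcmp: alternate non-digit runs and numeric runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # non-digit run, compared character by character with _order()
        while (i < len(a) and a[i] not in DIGITS) or \
              (j < len(b) and b[j] not in DIGITS):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # numeric run: drop leading zeros, then compare as a number
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in DIGITS and j < len(b) and b[j] in DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in DIGITS:
            return 1   # a has more digits left: the larger number
        if j < len(b) and b[j] in DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v):
    """Split '[epoch:]upstream[-revision]' the way dpkg does."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    if "-" in v:
        upstream, revision = v.rsplit("-", 1)
    else:
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1, ordered like `dpkg --compare-versions`."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    rc = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (rc > 0) - (rc < 0)


def affected_by_upstream_version(installed):
    """Naive check a generic scanner does: upstream part below 0.9.13.1.
    Wrong for Debian, which patched 0.9.12 instead of packaging 0.9.13.1."""
    _, upstream, _ = parse_version(installed)
    return compare_versions(upstream, FIXED_UPSTREAM) < 0


def affected_debian_unstable(installed):
    """Check against the Debian version that actually carries the fix."""
    return compare_versions(installed, FIXED_DEBIAN) < 0


if __name__ == "__main__":
    v = subprocess.run(["dpkg-query", "-W", "--showformat=${Version}", "xrdp"],
                       capture_output=True, text=True, check=True).stdout.strip()
    print(v, "upstream-only check:", affected_by_upstream_version(v),
          "Debian check:", affected_debian_unstable(v))
```

Run on a host with the package installed, it prints both verdicts for the installed version; for 0.9.12-1.1 the upstream-only check says affected while the Debian check says fixed, which is why distribution security trackers, not upstream version strings, should drive triage of backported fixes.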
