
Bug#964573: marked as done (xrdp: CVE-2020-4044)



Your message dated Sat, 01 Aug 2020 18:03:51 +0000
with message-id <E1k1vrL-000CbB-6O@fasolo.debian.org>
and subject line Bug#964573: fixed in xrdp 0.9.9-1+deb10u1
has caused the Debian Bug report #964573,
regarding xrdp: CVE-2020-4044
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
964573: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964573
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xrdp
Version: CVE-2020-4044
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for xrdp.

CVE-2020-4044[0]:
| The xrdp-sesman service before version 0.9.13.1 can be crashed by
| connecting over port 3350 and supplying a malicious payload. Once the
| xrdp-sesman process is dead, an unprivileged attacker on the server
| could then proceed to start their own imposter sesman service
| listening on port 3350. This will allow them to capture any user
| credentials that are submitted to XRDP and approve or reject arbitrary
| login credentials. For xorgxrdp sessions in particular, this allows an
| unauthorized user to hijack an existing session. This is a buffer
| overflow attack, so there may be a risk of arbitrary code execution as
| well.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-4044
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044
[1] https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
[2] https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xrdp
Source-Version: 0.9.9-1+deb10u1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
xrdp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 964573@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated xrdp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 Jul 2020 17:02:11 +0200
Source: xrdp
Architecture: source
Version: 0.9.9-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 964573
Changes:
 xrdp (0.9.9-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * libscp v1 server set height twice, and not set width
   * xrdp-sesman can be crashed remotely over port 3350 (CVE-2020-4044)
     (Closes: #964573)
   * Fixed CVE-2020-4044 CI errors
Checksums-Sha1: 
 aa097733cf0226ef0140e93bbb91bfc7cde2cdc8 2430 xrdp_0.9.9-1+deb10u1.dsc
 4d797be6e270305273806fe42d80a6e746f4c818 1866532 xrdp_0.9.9.orig.tar.gz
 e8f4c6f15994e432e7071072cc65ad4782306352 27872 xrdp_0.9.9-1+deb10u1.debian.tar.xz
Checksums-Sha256: 
 a6124cdaad754910c3d5def99c23e17f1d363a98d0fb2889a2422153a8c34fff 2430 xrdp_0.9.9-1+deb10u1.dsc
 8edf33346a8b3718a828d2c998ac1a036ea707e7f02b47092c8ae20dd71a9362 1866532 xrdp_0.9.9.orig.tar.gz
 813d5156e9f7cd8b81819c26b42da3696f2c504dbcd910f1d29e11d514a23b15 27872 xrdp_0.9.9-1+deb10u1.debian.tar.xz
Files: 
 beb677205062dba8302b3db291664279 2430 net optional xrdp_0.9.9-1+deb10u1.dsc
 d2f57182036c3f69dcaca0dfed4aaa6b 1866532 net optional xrdp_0.9.9.orig.tar.gz
 d9f383856dec7ff03ca29726c0542432 27872 net optional xrdp_0.9.9-1+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
