CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.
Configurations

Configuration 1

cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:32

| Type | Values Removed | Values Added |
|---|---|---|
| References | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00036.html | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00036.html |
| References | http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00037.html | http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00037.html |
| References | https://github.com/neutrinolabs/xrdp/commit/0c791d073d0eb344ee7aaafd221513dc9226762c - Patch, Third Party Advisory | https://github.com/neutrinolabs/xrdp/commit/0c791d073d0eb344ee7aaafd221513dc9226762c - Patch, Third Party Advisory |
| References | https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.13.1 - Release Notes, Third Party Advisory | https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.13.1 - Release Notes, Third Party Advisory |
| References | https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4 - Third Party Advisory | https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4 - Third Party Advisory |
| References | https://lists.debian.org/debian-lts-announce/2020/08/msg00015.html | https://lists.debian.org/debian-lts-announce/2020/08/msg00015.html |
| References | https://www.debian.org/security/2020/dsa-4737 | https://www.debian.org/security/2020/dsa-4737 |
| CVSS | v2 : 4.6, v3 : 7.8 | v2 : 4.6, v3 : 7.5 |

Information

Published : 2020-06-30 16:15

Updated : 2024-11-21 05:32


NVD link : CVE-2020-4044

Mitre link : CVE-2020-4044

CVE.ORG link : CVE-2020-4044



Products Affected

neutrinolabs

  • xrdp

CWE

CWE-121

Stack-based Buffer Overflow