oval:org.secpod.oval:def:1801928
The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will ...

oval:org.secpod.oval:def:118447
xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client.

oval:org.secpod.oval:def:118445
xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client.

oval:org.secpod.oval:def:89002861
This update for xrdp fixes the following issues: - Security fixes: + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch

oval:org.secpod.oval:def:66729
Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials o ...

oval:org.secpod.oval:def:89050234
This update for xrdp fixes the following issues: - Update to version 0.9.13.1 + This is a security fix release that includes fixes for the following local buffer overflow vulnerability: CVE-2020-4044

oval:org.secpod.oval:def:89000650
This update for xrdp fixes the following issues: - Security fixes: + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch

oval:org.secpod.oval:def:604975
Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials o ...

oval:org.secpod.oval:def:708572
xrdp: Remote Desktop Protocol server xrdp could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:89000541
This update for xrdp provides the following fix: - CVE-2020-4044: xrdp-sesman can be crashed remotely over port 3350. - Fixed an issue where xrdp-sesman could not restart. - Fixed an issue where xrdp could not start due to an error in the service file use absolute path in ExecStart. - Fixed a PAM ...

oval:org.secpod.oval:def:89000207
This update for xrdp fixes the following issues: - Security fixes: + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch - Update patch: + xrdp-Allow-sessions-with-32-bpp.patch.patch

oval:org.secpod.oval:def:96430
xrdp: Remote Desktop Protocol server xrdp could be made to crash or run programs if it received specially crafted network traffic.