Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.704737
Category:Debian Local Security Checks
Title:Debian: Security Advisory for xrdp (DSA-4737-1)
Summary:The remote host is missing an update for the 'xrdp'; package(s) announced via the DSA-4737-1 advisory.
Description:Summary:
The remote host is missing an update for the 'xrdp'
package(s) announced via the DSA-4737-1 advisory.

Vulnerability Insight:
Ashley Newson discovered that the XRDP sessions manager was susceptible
to denial of service. A local attacker can further take advantage of
this flaw to impersonate the XRDP sessions manager and capture any user
credentials that are submitted to XRDP, approve or reject arbitrary
login credentials or to hijack existing sessions for xorgxrdp sessions.

Affected Software/OS:
'xrdp' package(s) on Debian Linux.

Solution:
For the stable distribution (buster), this problem has been fixed in
version 0.9.9-1+deb10u1.

We recommend that you upgrade your xrdp packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-4044
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
Debian Security Information: DSA-4737 (Google Search)
https://www.debian.org/security/2020/dsa-4737
https://github.com/neutrinolabs/xrdp/commit/0c791d073d0eb344ee7aaafd221513dc9226762c
https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.13.1
https://lists.debian.org/debian-lts-announce/2020/08/msg00015.html
SuSE Security Announcement: openSUSE-SU-2020:0999 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00036.html
SuSE Security Announcement: openSUSE-SU-2020:1200 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00037.html
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.