|Category:||Debian Local Security Checks|
|Title:||Debian: Security Advisory for xrdp (DSA-4737-1)|
|Summary:||The remote host is missing an update for the 'xrdp'; package(s) announced via the DSA-4737-1 advisory.|
The remote host is missing an update for the 'xrdp'
package(s) announced via the DSA-4737-1 advisory.
Ashley Newson discovered that the XRDP sessions manager was susceptible
to denial of service. A local attacker can further take advantage of
this flaw to impersonate the XRDP sessions manager and capture any user
credentials that are submitted to XRDP, approve or reject arbitrary
login credentials or to hijack existing sessions for xorgxrdp sessions.
'xrdp' package(s) on Debian Linux.
For the stable distribution (buster), this problem has been fixed in
We recommend that you upgrade your xrdp packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-4044|
Debian Security Information: DSA-4737 (Google Search)
SuSE Security Announcement: openSUSE-SU-2020:0999 (Google Search)
SuSE Security Announcement: openSUSE-SU-2020:1200 (Google Search)
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.