Test ID:	1.3.6.1.4.1.25623.1.1.10.2021.0016
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2021-0016)
Summary:	The remote host is missing an update for the 'xrdp' package(s) announced via the MGASA-2021-0016 advisory.
Description:	Summary: The remote host is missing an update for the 'xrdp' package(s) announced via the MGASA-2021-0016 advisory. Vulnerability Insight: Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials or to hijack existing sessions for xorgxrdp sessions (CVE-2020-4044). Affected Software/OS: 'xrdp' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-4044 https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4 Debian Security Information: DSA-4737 (Google Search) https://www.debian.org/security/2020/dsa-4737 https://github.com/neutrinolabs/xrdp/commit/0c791d073d0eb344ee7aaafd221513dc9226762c https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.13.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00015.html SuSE Security Announcement: openSUSE-SU-2020:0999 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00036.html SuSE Security Announcement: openSUSE-SU-2020:1200 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00037.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.