
exploitDog


CVE-2023-40184

Published: Aug 30, 2023
Source: nvd
CVSS3: 2.6
CVSS3: 6.5
EPSS: Low

Description

xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23, improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return a non-zero (1) value on, e.g., a PAM error, which may result in session restrictions such as max concurrent sessions per user by PAM (e.g. /etc/security/limits.conf) being bypassed. Users (administrators) who don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.

Vulnerable configurations

Configuration 1
cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*
Versions before 0.9.23 (exclusive)

EPSS

Percentile: 26%
0.00088
Low

2.6 Low

CVSS3

6.5 Medium

CVSS3

Weaknesses

CWE-755
NVD-CWE-noinfo

Related vulnerabilities

CVSS3: 2.6
ubuntu
almost 2 years ago

xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23, improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return a non-zero (1) value on, e.g., a PAM error, which may result in session restrictions such as max concurrent sessions per user by PAM (e.g. /etc/security/limits.conf) being bypassed. Users (administrators) who don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS3: 2.6
debian
almost 2 years ago

xrdp is an open source remote desktop protocol (RDP) server. In versio ...

suse-cvrf
more than 1 year ago

Security update for xrdp

suse-cvrf
almost 2 years ago

Security update for xrdp

CVSS3: 6.5
fstec
almost 2 years ago

Vulnerability in the auth_start_session() function of the XRDP server that allows an attacker to cause a denial of service
