Количество 8
Количество 8
BDU:2023-07659
Уязвимость функции auth_start_session() сервера XRDP, позволяющая нарушителю вызвать отказ в обслуживании
ROS-20241216-08
Уязвимость xrdp
CVE-2023-40184
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-40184
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-40184
xrdp is an open source remote desktop protocol (RDP) server. In versio ...
SUSE-SU-2023:3830-1
Security update for xrdp
SUSE-SU-2023:3735-1
Security update for xrdp
SUSE-SU-2023:4873-1
Security update for xrdp
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-07659 Уязвимость функции auth_start_session() сервера XRDP, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
 | ROS-20241216-08 Уязвимость xrdp | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
 | CVE-2023-40184 xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS3: 2.6 | 0% Низкий | около 2 лет назад |
 | CVE-2023-40184 xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS3: 2.6 | 0% Низкий | около 2 лет назад |
| CVE-2023-40184 xrdp is an open source remote desktop protocol (RDP) server. In versio ... | CVSS3: 2.6 | 0% Низкий | около 2 лет назад |
 | SUSE-SU-2023:3830-1 Security update for xrdp | 0% Низкий | почти 2 года назад | |
| SUSE-SU-2023:3735-1 Security update for xrdp | 0% Низкий | почти 2 года назад | |
| SUSE-SU-2023:4873-1 Security update for xrdp | больше 1 года назад |
Уязвимостей на страницу