FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xrdp -- privilege escalation

Affected packages
0.9.17,1 <= xrdp < 0.9.18.1,1
0.9.17,1 <= xrdp-devel < 0.9.18.1,1
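The affected ranges above use the FreeBSD package version syntax VERSION[_REVISION][,EPOCH], where the ",1" is a port epoch that outranks every other part of the version. To show how such a range is checked against installed packages, here is an added example in Python; it is not code from VuXML or the xrdp project. It assumes a simplified version comparison (documented in the code) and uses constructed `pkg info` style lines, not output captured from a real host.

```python
from typing import List, Tuple

# Affected ranges from this VuXML entry: lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = {
    "xrdp": ("0.9.17,1", "0.9.18.1,1"),
    "xrdp-devel": ("0.9.17,1", "0.9.18.1,1"),
}

VersionKey = Tuple[int, Tuple[Tuple[int, str], ...], int]


def parse_freebsd_version(version: str) -> VersionKey:
    """Turn a FreeBSD package version (VERSION[_REVISION][,EPOCH]) into a sortable key.

    Precedence follows pkg(8): epoch first, then the version, then the port revision.
    Simplification (assumption): dot-separated components are compared numerically
    when they are digit runs, otherwise as strings, with alphabetic components
    sorting below numeric ones.  A version string without ",1" has epoch 0 and
    therefore falls below the whole affected range, as it does for pkg(8).
    """
    epoch = 0
    if "," in version:
        version, epoch_str = version.rsplit(",", 1)
        epoch = int(epoch_str)
    revision = 0
    if "_" in version:
        version, rev_str = version.rsplit("_", 1)
        revision = int(rev_str)
    components = tuple(
        (int(part), "") if part.isdigit() else (-1, part)
        for part in version.split(".")
    )
    return (epoch, components, revision)


def is_affected(package: str, version: str) -> bool:
    """Return True when package/version lies inside an affected range of this entry."""
    if package not in AFFECTED_RANGES:
        return False
    low, high = AFFECTED_RANGES[package]
    key = parse_freebsd_version(version)
    return parse_freebsd_version(low) <= key < parse_freebsd_version(high)


def split_pkg_name(pkg: str) -> Tuple[str, str]:
    """Split 'xrdp-devel-0.9.18.1,1' into ('xrdp-devel', '0.9.18.1,1') at the last hyphen."""
    name, _, version = pkg.rpartition("-")
    return name, version


def affected_from_pkg_info(lines: List[str]) -> List[str]:
    """Scan `pkg info` style lines (NAME-VERSION then a comment) and return affected packages."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        pkg = line.split(None, 1)[0]  # first field is NAME-VERSION
        name, version = split_pkg_name(pkg)
        if name and is_affected(name, version):
            hits.append(pkg)
    return hits


# Constructed sample resembling `pkg info` output; not captured from a real host.
SAMPLE_PKG_INFO = """\
xorg-server-21.1.3,1        X.Org X server and related programs
xrdp-0.9.18,1               Open source Remote Desktop Protocol server
xrdp-devel-0.9.18.1,1       Open source Remote Desktop Protocol server (development version)
"""

if __name__ == "__main__":
    for hit in affected_from_pkg_info(SAMPLE_PKG_INFO.splitlines()):
        print("affected:", hit)
```

On a real FreeBSD host, `pkg audit -F` performs this comparison against the full VuXML database; the script only makes the range logic visible. Note that in the sample the xrdp-devel entry equals the upper bound 0.9.18.1,1 and is therefore not reported, while xrdp 0.9.18,1 is.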

Details

VuXML ID fc2a9541-8893-11ec-9d01-80ee73419af3
Discovery 2022-01-23
Entry 2022-02-08
Modified 2022-02-15

xrdp project reports:

An integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker who has access to a sesman server (which listens on localhost by default when xrdp is installed, but can be remote if configured otherwise) to execute code as root.

References

CVE Name CVE-2022-23613
URL https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32