SUSE update for xrdp



Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2023-40184
CVE-2023-42822
CWE-ID CWE-254
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
SUSE Linux Enterprise Server for SAP Applications 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

xrdp-debuginfo
Operating systems & Components / Operating system package or component

xrdp-debugsource
Operating systems & Components / Operating system package or component

xrdp
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU80197

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40184

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improper handling of session restrictions inside the xrdp-sesman. A remote user can bypass session restrictions, such as max concurrent sessions per user enforced by PAM.

Mitigation

Update the affected package xrdp to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

xrdp-debuginfo: before 0.9.10-3.16.1

xrdp-debugsource: before 0.9.10-3.16.1

xrdp: before 0.9.10-3.16.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20234873-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU81308

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-42822

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in xrdp_painter.c when accessing the font glyphs. A remote user can trigger an out-of-bounds read error and read contents of memory on the system.

Successful exploitation of the vulnerability may lead to system compromise.

Mitigation

Update the affected package xrdp to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

xrdp-debuginfo: before 0.9.10-3.16.1

xrdp-debugsource: before 0.9.10-3.16.1

xrdp: before 0.9.10-3.16.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20234873-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###