ALT-BU-2022-7553-1
Branch c9f2 update bulletin.
Closed vulnerabilities
BDU:2022-05759
Уязвимость сервера XRDP, связанная с целочисленной потерей значимости, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2022-07224
Уязвимость функции audin_send_open сервера xrdp, позволяющая нарушителю получить доступ к удалённой машине
BDU:2022-07225
Уязвимость функции xrdp_mm_trans_process_drdynvc_channel_open сервера XRDP, позволяющая нарушителю получить доступ к удалённой машине
BDU:2022-07306
Уязвимость функции devredir_proc_client_devlist_announce_req() сервера XRDP, позволяющая нарушителю выполнить произвольный код
BDU:2022-07307
Уязвимость функции xrdp_mm_process_rail_update_window_text() сервера XRDP, позволяющая нарушителю выполнить произвольный код
BDU:2022-07308
Уязвимость функции libxrdp_send_to_channel() сервера XRDP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2022-07309
Уязвимость функции xrdp_mm_chan_data_in() сервера XRDP, позволяющая нарушителю выполнить произвольный код
BDU:2022-07310
Уязвимость функции xrdp_mm_trans_process_drdynvc_channel_close() сервера XRDP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
BDU:2022-07311
Уязвимость функции xrdp_sec_process_mcs_data_CS_CORE() сервера XRDP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
BDU:2022-07312
Уязвимость функции xrdp_login_wnd_create() сервера XRDP, позволяющая нарушителю выполнить произвольный код
BDU:2022-07313
Уязвимость функции xrdp_caps_process_confirm_active() сервера XRDP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-23468
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.
Modified: 2024-11-21
CVE-2022-23477
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade.
Modified: 2024-11-21
CVE-2022-23478
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade.
Modified: 2024-11-21
CVE-2022-23479
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.
Modified: 2024-11-21
CVE-2022-23480
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.
Modified: 2024-11-21
CVE-2022-23481
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.
Modified: 2024-11-21
CVE-2022-23482
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.
Modified: 2024-11-21
CVE-2022-23483
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.
Modified: 2024-11-21
CVE-2022-23484
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.
Modified: 2024-11-21
CVE-2022-23493
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade.
Modified: 2024-11-21
CVE-2022-23613
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
- https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa
- https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa
- https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32
- https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32
- FEDORA-2022-727e3914e1
- FEDORA-2022-727e3914e1
- FEDORA-2022-4283d4695d
- FEDORA-2022-4283d4695d