SB2017033020 - Fedora 26 update for xorgxrdp, xrdp
Published: March 30, 2017 Updated: April 24, 2025
Security Bulletin ID
SB2017033020
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Authentication (CVE-ID: CVE-2017-6967)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.
Remediation
Install update from vendor's website.