SB2023110902 - Ubuntu update for xrdp

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023110902

SB2023110902 - Ubuntu update for xrdp

Published: November 9, 2023

Security Bulletin ID SB2023110902
Severity
High
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 46% Medium 38% Low 15%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2022-23479)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in xrdp_mm_chan_data_in() function. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Out-of-bounds read (CVE-ID: CVE-2022-23481)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in xrdp_caps_process_confirm_active() function. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.


3) Out-of-bounds read (CVE-ID: CVE-2022-23483)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in libxrdp_send_to_channel() function. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.


4) Out-of-bounds read (CVE-ID: CVE-2023-42822)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in xrdp_painter.c when accessing the font glyphs. A remote user can trigger an out-of-bounds read error and read contents of memory on the system.

Successful exploitation of the vulnerability may lead to system compromise.


5) Security features bypass (CVE-ID: CVE-2023-40184)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improper handling of session restrictions inside the xrdp-sesman. A remote user can bypass session restrictions, such as max concurrent sessions per user enforced by PAM.


6) Buffer overflow (CVE-ID: CVE-2022-23468)

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists due to a boundary error in xrdp_login_wnd_create() function. A remote attacker can trigger memory corruption and compromise the target system.


7) Buffer overflow (CVE-ID: CVE-2022-23480)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in devredir_proc_client_devlist_announce_req() function. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Out-of-bounds read (CVE-ID: CVE-2022-23482)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in xrdp_sec_process_mcs_data_CS_CORE() function. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.


9) Integer overflow (CVE-ID: CVE-2022-23484)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to integer overflow in xrdp_mm_process_rail_update_window_text() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and perform a denial of service (DoS) attack.


10) Buffer overflow (CVE-ID: CVE-2022-23477)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in audin_send_open() function. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


11) Out-of-bounds read (CVE-ID: CVE-2022-23493)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary condition in xrdp_mm_trans_process_drdynvc_channel_close() function. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system, or perform a denial of service (DoS) attack.


12) Out-of-bounds write (CVE-ID: CVE-2022-23478)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in xrdp_mm_trans_process_drdynvc_channel_open() function. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.


13) Integer underflow (CVE-ID: CVE-2022-23613)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow in the sesman server. A local user can send a specially crafted request to the affected application, trigger integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References