ID CVE-2020-4044
Summary The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.
Vulnerable Configurations
  • cpe:2.3:a:neutrinolabs:xrdp:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.3:-:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.4:-:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.4.:rc1:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.11:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.12:*:*:*:*:*:*:*
  • cpe:2.3:a:neutrinolabs:xrdp:0.9.13:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 14-08-2020 - 21:15)
Impact:
Exploitability:
CWE CWE-121
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
debian DSA-4737
misc
mlist [debian-lts-announce] 20200809 [SECURITY] [DLA 2319-1] xrdp security update
suse
  • openSUSE-SU-2020:0999
  • openSUSE-SU-2020:1200
Last major update 14-08-2020 - 21:15
Published 30-06-2020 - 16:15
Last modified 14-08-2020 - 21:15