CVE-2023-40184
Vulnerability from cvelistv5
Published
2023-08-30 17:48
Modified
2024-09-30 15:48
Severity ?
EPSS score ?
Summary
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | neutrinolabs | xrdp |
Version: < 0.9.23 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.593Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq" }, { "name": "https://github.com/neutrinolabs/xrdp/commit/a111a0fdfe2421ef600e40708b5f0168594cfb23", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neutrinolabs/xrdp/commit/a111a0fdfe2421ef600e40708b5f0168594cfb23" }, { "name": "https://github.com/neutrinolabs/xrdp/blame/9bbb2ec68f390504c32f2062847aa3d821a0089a/sesman/sesexec/session.c#L571C5-L571C19", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neutrinolabs/xrdp/blame/9bbb2ec68f390504c32f2062847aa3d821a0089a/sesman/sesexec/session.c#L571C5-L571C19" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5IXMQODV3OIJ7DRQBUQV7PUKNT7SH36/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOT237TIHTHPX5YNIWLVNINOEYC7WMG2/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URO3FKTFBPNKFARAQBEJLI4MH6YS35P5/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40184", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T15:44:59.219269Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-30T15:48:28.923Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xrdp", "vendor": "neutrinolabs", "versions": [ { "status": "affected", "version": "\u003c 0.9.23" } ] } ], "descriptions": [ { "lang": "en", "value": " xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don\u0027t use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-30T17:48:30.552Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq" }, { "name": "https://github.com/neutrinolabs/xrdp/commit/a111a0fdfe2421ef600e40708b5f0168594cfb23", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neutrinolabs/xrdp/commit/a111a0fdfe2421ef600e40708b5f0168594cfb23" }, { "name": "https://github.com/neutrinolabs/xrdp/blame/9bbb2ec68f390504c32f2062847aa3d821a0089a/sesman/sesexec/session.c#L571C5-L571C19", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neutrinolabs/xrdp/blame/9bbb2ec68f390504c32f2062847aa3d821a0089a/sesman/sesexec/session.c#L571C5-L571C19" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5IXMQODV3OIJ7DRQBUQV7PUKNT7SH36/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOT237TIHTHPX5YNIWLVNINOEYC7WMG2/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URO3FKTFBPNKFARAQBEJLI4MH6YS35P5/" } ], "source": { "advisory": "GHSA-f489-557v-47jq", "discovery": "UNKNOWN" }, "title": "Improper handling of session establishment errors in xrdp" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40184", "datePublished": "2023-08-30T17:48:30.552Z", "dateReserved": "2023-08-09T15:26:41.053Z", "dateUpdated": "2024-09-30T15:48:28.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-40184\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-08-30T18:15:09.690\",\"lastModified\":\"2024-11-21T08:18:57.260\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\" xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don\u0027t use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.\"},{\"lang\":\"es\",\"value\":\"xrdp es un servidor de protocolo de escritorio remoto (RDP) de c\u00f3digo abierto. En versiones anteriores a la 0.9.23, el manejo inadecuado de los errores de establecimiento de sesi\u00f3n permite eludir las restricciones de sesi\u00f3n a nivel del sistema operativo. La funci\u00f3n `auth_start_session` puede devolver un valor distinto de cero (1), por ejemplo, en un error de PAM, lo que puede dar lugar a restricciones de sesi\u00f3n, como el n\u00famero m\u00e1ximo de sesiones simult\u00e1neas por usuario por parte de PAM (por ejemplo, ./etc/security/limits.conf) para ser omitido. Los usuarios (administradores) que no utilizan restricciones por PAM no se ven afectados. Este problema se solucion\u00f3 en la versi\u00f3n 0.9.23. Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":2.6,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.9.23\",\"matchCriteriaId\":\"F5F0C8DA-06A5-477C-A303-6715A9D01C6E\"}]}]}],\"references\":[{\"url\":\"https://github.com/neutrinolabs/xrdp/blame/9bbb2ec68f390504c32f2062847aa3d821a0089a/sesman/sesexec/session.c#L571C5-L571C19\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/neutrinolabs/xrdp/commit/a111a0fdfe2421ef600e40708b5f0168594cfb23\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOT237TIHTHPX5YNIWLVNINOEYC7WMG2/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5IXMQODV3OIJ7DRQBUQV7PUKNT7SH36/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URO3FKTFBPNKFARAQBEJLI4MH6YS35P5/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/neutrinolabs/xrdp/blame/9bbb2ec68f390504c32f2062847aa3d821a0089a/sesman/sesexec/session.c#L571C5-L571C19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/neutrinolabs/xrdp/commit/a111a0fdfe2421ef600e40708b5f0168594cfb23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOT237TIHTHPX5YNIWLVNINOEYC7WMG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5IXMQODV3OIJ7DRQBUQV7PUKNT7SH36/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URO3FKTFBPNKFARAQBEJLI4MH6YS35P5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.