Malware Devil

Monday, August 10, 2020

ESB-2020.2734 – [Debian] xrdp: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2734
                           xrdp security update
                              10 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xrdp
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-4044  

Reference:         ESB-2020.2710

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/08/msg00015.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2319-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
August 09, 2020                               https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : xrdp
Version        : 0.9.1-9+deb9u4
CVE ID         : CVE-2020-4044
Debian Bug     : 964573

The xrdp-sesman service in xrdp can be crashed by connecting over port 3350
and supplying a malicious payload. Once the xrdp-sesman process is dead,
an unprivileged attacker on the server could then proceed to start their
own imposter sesman service listening on port 3350. This will allow them
to capture any user credentials that are submitted to XRDP and approve or
reject arbitrary login credentials. For xorgxrdp sessions in particular,
this allows an unauthorized user to hijack an existing session. This is a
buffer overflow attack, so there may be a risk of arbitrary code
execution as well.

For Debian 9 stretch, this problem has been fixed in version
0.9.1-9+deb9u4.
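Two defender-side checks that follow from the advisory text above, written as an added example (this is not code from Debian, AusCERT or the xrdp project): a Debian version comparison that tells whether an installed xrdp is at or above the fixed 0.9.1-9+deb9u4, and an audit of `ss -ltnp` output that flags anything bound to TCP 3350 other than a root-owned xrdp-sesman, which is the state an "imposter sesman" started by an unprivileged user would produce. It assumes the legitimate xrdp-sesman runs as root on a Debian 9 host; the `ss` output and the pid-to-uid map (which on a live host would come from `/proc/<pid>/status`) are constructed sample data.

```python
"""Added example for DLA-2319-1 (not part of the advisory).

is_fixed()                : dpkg-style version comparison against 0.9.1-9+deb9u4.
audit_sesman_listeners()  : flag listeners on TCP 3350 that are not root-owned
                            xrdp-sesman, or report that nothing listens there.
All sample data below is constructed; nothing is read from the running system.
"""
import re
from itertools import zip_longest

FIXED_VERSION = "0.9.1-9+deb9u4"   # fixed version named in the advisory
SESMAN_PORT = 3350                  # sesman port named in the advisory
SESMAN_PROCESS = "xrdp-sesman"      # process name named in the advisory
SESMAN_UID = 0                      # assumption: Debian runs sesman as root


def _order(c: str) -> int:
    """dpkg ordering for non-digit characters: '~' sorts before everything,
    end-of-string next, letters before other punctuation."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two version fragments as dpkg does: alternate non-digit runs
    (compared character-wise via _order) and digit runs (compared numerically)."""
    frag = re.compile(r"(\D*)(\d*)")
    ia, ib = 0, 0
    while ia < len(a) or ib < len(b):
        ma, mb = frag.match(a, ia), frag.match(b, ib)
        (na, da), (nb, db) = ma.groups(), mb.groups()
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            diff = _order(ca) - _order(cb)
            if diff:
                return -1 if diff < 0 else 1
        va, vb = int(da or 0), int(db or 0)       # empty digit run counts as 0
        if va != vb:
            return -1 if va < vb else 1
        ia, ib = ma.end(), mb.end()
    return 0


def compare_debian_versions(a: str, b: str) -> int:
    """-1, 0 or 1 for a < b, a == b, a > b, per [epoch:]upstream[-revision]."""
    def split(v):
        epoch = 0
        if ":" in v:
            e, v = v.split(":", 1)
            epoch = int(e)
        upstream, _, revision = v.rpartition("-")
        if not upstream:                          # no '-' present at all
            upstream, revision = revision, ""
        return epoch, upstream, revision
    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def is_fixed(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed xrdp package is at or above the fixed version."""
    return compare_debian_versions(installed, fixed) >= 0


# One `ss -ltnp` data line: state, recv-q, send-q, local addr:port, peer, users:((name,pid=N,...
SS_LINE = re.compile(
    r'^\S+\s+\S+\s+\S+\s+(?P<local>\S+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),')


def audit_sesman_listeners(ss_output: str, pid_uid: dict) -> list:
    """Return findings for port 3350; an empty list means the only listener is
    root-owned xrdp-sesman. pid_uid maps pid -> uid (from /proc/<pid>/status)."""
    findings, legit_seen = [], False
    for line in ss_output.splitlines():
        m = SS_LINE.match(line)
        if not m:
            continue                               # header or non-matching line
        port = int(m.group("local").rsplit(":", 1)[1])   # handles [::]:3350 too
        if port != SESMAN_PORT:
            continue
        proc, pid = m.group("proc"), int(m.group("pid"))
        uid = pid_uid.get(pid)
        if proc != SESMAN_PROCESS:
            findings.append(f"pid {pid}: unexpected process '{proc}' bound to port {port}")
        elif uid != SESMAN_UID:
            findings.append(f"pid {pid}: {proc} on port {port} runs as uid {uid}, not root")
        else:
            legit_seen = True
    if not legit_seen and not findings:
        findings.append(f"nothing listening on port {SESMAN_PORT}: xrdp-sesman may have crashed")
    return findings


# Constructed sample data: a healthy host and one where a non-root process took port 3350.
SAMPLE_SS_OK = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       2       127.0.0.1:3350       0.0.0.0:*          users:(("xrdp-sesman",pid=611,fd=7))
LISTEN  0       2       0.0.0.0:3389         0.0.0.0:*          users:(("xrdp",pid=615,fd=11))
"""
SAMPLE_SS_IMPOSTER = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       2       127.0.0.1:3350       0.0.0.0:*          users:(("sesman",pid=2048,fd=3))
LISTEN  0       2       0.0.0.0:3389         0.0.0.0:*          users:(("xrdp",pid=615,fd=11))
"""
SAMPLE_PID_UID = {611: 0, 615: 0, 2048: 1000}   # constructed pid -> uid map

if __name__ == "__main__":
    for v in ("0.9.1-9+deb9u3", "0.9.1-9+deb9u4", "0.9.1-9+deb9u10"):
        print(v, "fixed" if is_fixed(v) else "VULNERABLE")
    print(audit_sesman_listeners(SAMPLE_SS_OK, SAMPLE_PID_UID))
    print(audit_sesman_listeners(SAMPLE_SS_IMPOSTER, SAMPLE_PID_UID))
```

On a live host the inputs would come from `dpkg-query -W -f '${Version}' xrdp` and `ss -ltnp`; the empty-result branch matters because the advisory's attack starts with sesman being dead, so "nothing on 3350" is itself a signal worth alerting on rather than a clean result.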

We recommend that you upgrade your xrdp packages.

For the detailed security status of xrdp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xrdp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXzDSYONLKJtyKPYoAQhpCQ/+Pflxv7Sal3v7k+rgbYkiy5IqaljaXULY
Sxr5h1oQg92M0/VW7Az4jCTeXDF8pWdDkpvIErOEl8zquLoElS7mYGQRWyMsX3gj
/Vv+WZJzGe/YlwKLDqF+eeszVOthuIPZdZRZNNtikZsVCWvoHyXZYmecAUL/FeR3
CwGaAPPFBnFgAj8yH16NY7XXSwdbkibhQn0sBuG147kwDzcsx/t8EpQZmO+gP16R
XRmLAV2HN2nz4bZAZyABc5ezYLxYt2EtOInlqq5eTQbF+xUMeMUI0j0kCRW2V7pK
l5UMHTi4oMaDE3t1JBL6zQMXwowuMHXKVpR/H0I82ybndCNMIHRbdhKONd1TMXcS
MJWWJpoMldGKcpoN6o2wpFhmzimLskYGhP3gwyG06tnovkiZ/hmbzKhNRT1omFy/
ghc66mOaEbAN9MMwgEQz9vIrSCV1h54aMJPykRsr5uRtPKS6b2Ke9MeqCEQtpmE6
hZtI8t+bE0y3Ruvnpw8fJLyKfj9DanHX5t+iiQZOSATRjqdNRu64bbFB6bzL5qkC
I1qFJZYn0T6ZXdGHwZP4jdRUdAO6nKYEV4nn4JoasHzqZKv07DlFOPqSYRH7kNw+
XcyhCx+DVkG+WQrS+AFhS1SoS+Wr/h0RWjP03WmSMzpYpCZwxIeP0xtsrVwj2ofW
HlipmjjXCiM=
=bm1M
-----END PGP SIGNATURE-----
