Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2017-6967

Published: 17/03/2017 Updated: 08/07/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Neutrinolabs

Vulnerability Summary

xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

neutrinolabs xrdp 0.9.1

Vendor Advisories

Debian CVElist Bug Report Logs: xrdp: CVE-2017-6967: incorrect placement of auth_start_session()
Debian Bug report logs - #858143 xrdp: CVE-2017-6967: incorrect placement of auth_start_session() Package: src:xrdp; Maintainer for src:xrdp is Debian Remote Maintainers <debian-remote@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 18 Mar 2017 20:51:01 UTC Severity: serious Tags: ...

References

CWE-287https://github.com/neutrinolabs/xrdp/pull/694https://github.com/neutrinolabs/xrdp/issues/350https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858143https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook