Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2020-4044

Published: 30/06/2020 Updated: 14/08/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Neutrinolabs

Vulnerability Summary

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

neutrinolabs xrdp

Vendor Advisories

Debian CVElist Bug Report Logs: xrdp: CVE-2020-4044
Debian Bug report logs - #964573 xrdp: CVE-2020-4044 Package: src:xrdp; Maintainer for src:xrdp is Debian Remote Maintainers <debian-remote@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 8 Jul 2020 20:33:01 UTC Severity: grave Tags: security, upstream Found in version xrdp/091 ...
Debian Security Advisories: DSA-4737-1 xrdp -- security update
Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials or to hijack existing sessions for xorgxrdp session ...

References

CWE-121https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.13.1https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4https://github.com/neutrinolabs/xrdp/commit/0c791d073d0eb344ee7aaafd221513dc9226762chttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00036.htmlhttps://www.debian.org/security/2020/dsa-4737https://lists.debian.org/debian-lts-announce/2020/08/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00037.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964573https://nvd.nist.govhttps://www.debian.org/security/2020/dsa-4737
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook