What Are You Looking For?

Sign Up

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4737-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 29, 2020                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xrdp
CVE ID         : CVE-2020-4044
Debian Bug     : 964573

Ashley Newson discovered that the XRDP sessions manager was susceptible
to denial of service. A local attacker can further take advantage of
this flaw to impersonate the XRDP sessions manager and capture any user
credentials that are submitted to XRDP, approve or reject arbitrary
login credentials or to hijack existing sessions for xorgxrdp sessions.

For the stable distribution (buster), this problem has been fixed in
version 0.9.9-1+deb10u1.

We recommend that you upgrade your xrdp packages.

For the detailed security status of xrdp please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/xrdp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-4737-1: xrdp security update

July 29, 2020
Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service

Summary

For the stable distribution (buster), this problem has been fixed in
version 0.9.9-1+deb10u1.

We recommend that you upgrade your xrdp packages.

For the detailed security status of xrdp please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/xrdp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Ashley Newson discovered that the XRDP sessions manager was susceptible
to denial of service. A local attacker can further take advantage of
this flaw to impersonate the XRDP sessions manager and capture any user
credentials that are submitted to XRDP, approve or reject arbitrary
login credentials or to hijack existing sessions for xorgxrdp sessions.

Related News

Threat Actors Use AWS SSM Agent as a Remote Access Trojan

Aug 3, 2023

Ubuntu Desktop "Charting A Course For The Future" With Ubuntu 24.04 LTS Next Year

Aug 27, 2023

Free Download Manager Backdoored to Serve Linux Malware for +3 Years

Sep 16, 2023

Mitigations for Important Vim Code Execution, DoS Vulns Released

Aug 31, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo