CVE-2017-6967
17.03.2017, 09:59
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| neutrinolabs | xrdp | 0.9.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| xrdp |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libpainter0 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| librfxencode0 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| xrdp |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| xrdp-devel |
|
Common Weakness Enumeration
References