CVE-2017-6967

xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
neutrinolabsxrdp
0.9.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xrdp
bullseye (security)
0.9.21.1-1~deb11u1
fixed
bullseye
0.9.21.1-1~deb11u1
fixed
jessie
no-dsa
bookworm
0.9.21.1-1
fixed
sid
0.10.1-3
fixed
trixie
0.10.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xrdp
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
Fixed 0.6.1-2ubuntu0.3+esm1
released
trusty
Fixed 0.6.0-1ubuntu0.1+esm1
released
precise
Fixed 0.5.0-2+deb7u1build0.12.04.1
released
Common Weakness Enumeration
References
https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742
https://github.com/neutrinolabs/xrdp/issues/350
https://github.com/neutrinolabs/xrdp/pull/694
https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742
https://github.com/neutrinolabs/xrdp/issues/350
https://github.com/neutrinolabs/xrdp/pull/694