CVE-2020-4044Stack-based Buffer Overflow in Xrdp

CWE-121Stack-based Buffer OverflowCWE-843Type ConfusionCWE-416Use After FreeCWE-125Out-of-bounds Read41 documents9 sources
Severity
7.8HIGHNVD
CNA7.5
EPSS
0.6%
top 30.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Neutrinolabs Xrdp
Timeline
PublishedJun 30
Latest updateNov 2

Description

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5neutrinolabs/xrdp< 0.9.13.1
NVDneutrinolabs/xrdp< 0.9.13.1
Debianneutrinolabs/xrdp< 0.9.12-1.1+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
OSV
CVE-2020-4044: The xrdp-sesman service before version 02020-06-30
CVEList
Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it2020-06-30

💥Exploits & PoCs

1
Exploit-DB
Google Chrome 81.0.4044 V8 - Remote Code Execution2021-04-06

📋Vendor Advisories

34
Ubuntu
xrdp vulnerability2023-11-02
Red Hat
chromium-browser: Type Confusion in Blink2020-05-05
Red Hat
chromium-browser: Use after free in task scheduling2020-04-27
Red Hat
chromium-browser: Use after free in storage2020-04-27
Red Hat
chromium-browser: Use after free in payments2020-04-21

💬Community

2
Bugzilla
CVE-2020-4044 xrdp: buffer overflow via malicious payloads [epel-6]2020-07-09
Bugzilla
CVE-2020-4044 xrdp: buffer overflow via malicious payloads2020-07-09
CVE-2020-4044 — Stack-based Buffer Overflow in Xrdp | cvebase