Lucene search

Alpine Linux Development TeamALPINE:CVE-2024-39917

HistoryJul 12, 2024 - 4:15 p.m.

CVE-2024-39917

2024-07-1216:15:04

Alpine Linux Development Team

security.alpinelinux.org

xrdp

rdp server

vulnerability

configuration parameter

infinite login

sesman.ini

cve-2024-39917

unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

39.7%

JSON

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.

OSVersionArchitecturePackageVersionFilename
Alpine3.20-communitynoarchxrdp= 0.9.24-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.20-community	noarch	xrdp	= 0.9.24-r0	UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

39.7%

JSON

Related for ALPINE:CVE-2024-39917