Lucene search
K

Fedora 43 : xorgxrdp / xrdp (2026-febea89ac3)

🗓️ 07 Feb 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Fedora 43 hosts xrdp v0.10.5 with CVE-2025-68670 fix and various updates.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2026-febea89ac3
#

include('compat.inc');

if (description)
{
  script_id(298313);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/07");

  script_cve_id("CVE-2025-68670");
  script_xref(name:"FEDORA", value:"2026-febea89ac3");

  script_name(english:"Fedora 43 : xorgxrdp / xrdp (2026-febea89ac3)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the
FEDORA-2026-febea89ac3 advisory.

    Release notes for xrdp v0.10.5 (2026/01/27)

    Security fixes

    - CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

    New features

    - It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599
    #3603). If you do this certain restrictions will apply. See
    https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
    - TLS pre-master secrets can now be recorded for packet captures (#3617)
    - Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
    - Alternate shell names can now be passed to startwm.sh in an environment variable for more system
    management control (#3624 #3651)
    - Updated Xorg paths in sesman.ini to include more recent distros (#3663)
    - Add Slovenian keyboard (#3668 #3670)
    - xrdpapi: Add a way to monitor connect/disconnect events (#3693)

    Bug fixes

    - Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
    - Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did
    not support the ExtendedDesktopSize encoding (#3540 #3584)
    - Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
    - Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
    - A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
    - Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
    - Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly
    (#3649)
    - Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly
    (#3650)
    - Do not overwrite a VNC port set by the user when not using sesman (#3674)
    - Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
    - Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
    - getgrouplist() now compiles on MacOS (#3575)
    - Various Coverity warnings have been addressed (#3656)
    - Documentation improvements (#3665)

    Internal changes

    - An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

    Release notes for xorgxrdp v0.10.5 (2026/01/28)

    Bug fixes

    - Fix bug in Chrome pointer detection (#394 #396)

    Internal changes

    - CI: Update FreeBSD xrdp dependency (#398)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2026-febea89ac3");
  script_set_attribute(attribute:"solution", value:
"Update the affected 1:xrdp and / or xorgxrdp packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-68670");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:43");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorgxrdp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xrdp");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^43([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 43', 'Fedora ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var constraints = [
  {
    'release': '43',
    'pkgs': [
      {'reference':'xorgxrdp-0.10.5-1.fc43', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'xrdp-0.10.5-1.fc43', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xorgxrdp / xrdp');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

07 Feb 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 3.19.1 - 9.8
EPSS0.01318
SSVC
4