Lucene search

[email protected]NVD:CVE-2017-6967

HistoryMar 17, 2017 - 9:59 a.m.

CVE-2017-6967

2017-03-1709:59:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

0.002

Percentile

56.5%

JSON

xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.

Affected configurations

Nvd

Node

neutrinolabsxrdpMatch0.9.1

VendorProductVersionCPE
neutrinolabsxrdp0.9.1cpe:2.3:a:neutrinolabs:xrdp:0.9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
neutrinolabs	xrdp	0.9.1	cpe:2.3:a:neutrinolabs:xrdp:0.9.1:::::::*

References

bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742

github.com/neutrinolabs/xrdp/issues/350

github.com/neutrinolabs/xrdp/pull/694

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

0.002

Percentile

56.5%

JSON

Related for NVD:CVE-2017-6967

ubuntucve1 cve1 osv4 openvas9 prion1 fedora6 nessus8 veracode1 cvelist1 debian1 debiancve1 ubuntu1