Astra Linux - уязвимость в xrdp

XRDPT is an open-source remote desktop protocol RDP server. In affected versions, an integer underflow leading to a heap overflow in the SESMAN server allows any unauthenticated attacker who can access the SESMAN server locally to execute code as root. This vulnerability has been patched in versi...

Astra Linux - уязвимость в xrdp

xrdp is an open-source RDP server. Versions of xrdp prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of maximum login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However,...

SUSE CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVE-2026-33145

xrdp (open source RDP server) versions up to 0.10.5 are affected by an authenticated remote command execution vulnerability in xrdp-sesman. When AllowAlternateShell is enabled (default if not configured), a client-supplied AlternateShell is passed and executed via /bin/sh -c during session initia...

EUVD-2020-25303

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2022-23613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source remote desktop protocol RDP server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any...

The vulnerability of the authentication mechanism of the XRDP remote access tool, which allows a intruder to gain unauthorized access

The vulnerability of the XRDP remote access authentication mechanism is related to deficiencies in the retry limit for authentication attempts, which is controlled by the MaxLoginRetry parameter set in the configuration file /etc/xrdp/sesman.ini. Exploiting this vulnerability allows a malicious...

SUSE CVE-2024-39917

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this...

DEBIAN-CVE-2024-39917

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this...

UBUNTU-CVE-2024-39917

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this...

xrdp 安全漏洞

xrdp is an open source remote desktop protocol server from Neutrinolabs Labs. A security vulnerability exists in xrdp versions prior to 0.9.23, which stems from an internal mishandling of xrdp-sesman that results in session limits being bypassed...

SUSE CVE-2017-16927

The scpv0saccept function in sesman/libscp/libscpv0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted input...

SUSE CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

SUSE CVE-2022-23613

xrdp is an open source remote desktop protocol RDP server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in...

Denial Of Service (DoS)

xrdp is vulnerable to denial of service. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root...

FreeBSD : xrdp -- privilege escalation (fc2a9541-8893-11ec-9d01-80ee73419af3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fc2a9541-8893-11ec-9d01-80ee73419af3 advisory. - xrdp is an open source remote desktop protocol RDP server. In affected versions an integer underflow...

DEBIAN-CVE-2022-23613

xrdp is an open source remote desktop protocol RDP server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in...

CVE-2022-23613

xrdp is an open source remote desktop protocol RDP server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in...