ubuntucve / Ubuntu.com / UB:CVE-2022-23613
Feb 07, 2022 - 12:00 a.m.

CVE-2022-23613

xrdp
sesman server
heap overflow
vulnerability
patch
upgrade

CVSS2: 7.2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 19.8%

xrdp is an open source remote desktop protocol (RDP) server. In affected
versions, an integer underflow leading to a heap overflow in the sesman
server allows any unauthenticated attacker who is able to locally access
a sesman server to execute code as root. This vulnerability has been
patched in version 0.9.18.1 and above. Users are advised to upgrade. There
are no known workarounds.

OS      Version  Architecture  Package  Version                    Filename
ubuntu  18.04    noarch        xrdp     < 0.9.5-2ubuntu0.1~esm2    UNKNOWN
ubuntu  20.04    noarch        xrdp     < 0.9.12-1ubuntu0.1+esm1   UNKNOWN
ubuntu  22.04    noarch        xrdp     < 0.9.17-2ubuntu2+esm1     UNKNOWN
ubuntu  24.04    noarch        xrdp     < any                      UNKNOWN
ubuntu  14.04    noarch        xrdp     < 0.6.0-1ubuntu0.1+esm3    UNKNOWN
ubuntu  16.04    noarch        xrdp     < 0.6.1-2ubuntu0.3+esm3    UNKNOWN
