Candidate: CVE-2017-16927
PublicDate: 2017-11-23 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16927
 https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
 https://github.com/neutrinolabs/xrdp/pull/958
Description:
 The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session
 manager in xrdp through 0.9.4 uses an untrusted integer as a write length,
 which allows local users to cause a denial of service (buffer overflow and
 application crash) or possibly have unspecified other impact via a crafted
 input stream.
Ubuntu-Description:
 It was discovered that xrdp could be made to overflow a buffer and crash. 
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [8.4 HIGH]


Patches_xrdp:
upstream_xrdp: released (0.9.4-3)
precise/esm_xrdp: DNE
trusty_xrdp: ignored (out of standard support)
trusty/esm_xrdp: needed
xenial_xrdp: ignored (end of standard support, was needed)
zesty_xrdp: ignored (reached end-of-life)
artful_xrdp: ignored (reached end-of-life)
bionic_xrdp: not-affected (0.9.5-2)
cosmic_xrdp: not-affected (0.9.5-2)
disco_xrdp: not-affected (0.9.5-2)
eoan_xrdp: not-affected (0.9.5-2)
focal_xrdp: not-affected (0.9.5-2)
groovy_xrdp: not-affected (0.9.5-2)
hirsute_xrdp: not-affected (0.9.5-2)
impish_xrdp: not-affected (0.9.5-2)
jammy_xrdp: not-affected (0.9.5-2)
devel_xrdp: not-affected (0.9.5-2)