Candidate: CVE-2017-6967
PublicDate: 2017-03-17 09:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6967
 https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742
 https://github.com/neutrinolabs/xrdp/issues/350
 https://github.com/neutrinolabs/xrdp/pull/694
 https://github.com/neutrinolabs/xrdp/pull/696
Description:
 xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect
 location, leading to PAM session modules not being properly initialized,
 with a potential consequence of incorrect configurations or elevation of
 privileges, aka a pam_limits.so bypass.
Ubuntu-Description:
 It was discovered that PAM incorrectly initialized session modules. This
 could potentially bypass enforcement of limits.
Notes:
Bugs:
Priority: medium
Discovered-by: Klaus Steinberger
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L [7.3 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L [7.3 HIGH]

Patches_xrdp:
upstream_xrdp: released (0.9.1-9)
precise_xrdp: released (0.5.0-2+deb7u1build0.12.04.1)
precise/esm_xrdp: DNE (precise was released [0.5.0-2+deb7u1build0.12.04.1])
trusty_xrdp: ignored (out of standard support)
trusty/esm_xrdp: needed
vivid/stable-phone-overlay_xrdp: DNE
vivid/ubuntu-core_xrdp: DNE
xenial_xrdp: ignored (end of standard support, was needed)
yakkety_xrdp: ignored (reached end-of-life)
zesty_xrdp: ignored (reached end-of-life)
artful_xrdp: ignored (reached end-of-life)
bionic_xrdp: not-affected (0.9.5-2)
cosmic_xrdp: not-affected (0.9.5-2)
disco_xrdp: not-affected (0.9.5-2)
eoan_xrdp: not-affected (0.9.5-2)
focal_xrdp: not-affected (0.9.5-2)
groovy_xrdp: not-affected (0.9.5-2)
hirsute_xrdp: not-affected (0.9.5-2)
impish_xrdp: not-affected (0.9.5-2)
jammy_xrdp: not-affected (0.9.5-2)
devel_xrdp: not-affected (0.9.5-2)