Candidate: CVE-2020-4044
PublicDate: 2020-06-30 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044
 https://github.com/neutrinolabs/xrdp/commit/0c791d073d0eb344ee7aaafd221513dc9226762c
 https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.13.1
 https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
Description:
 The xrdp-sesman service before version 0.9.13.1 can be crashed by
 connecting over port 3350 and supplying a malicious payload. Once the
 xrdp-sesman process is dead, an unprivileged attacker on the server could
 then proceed to start their own imposter sesman service listening on port
 3350. This will allow them to capture any user credentials that are
 submitted to XRDP and approve or reject arbitrary login credentials. For
 xorgxrdp sessions in particular, this allows an unauthorized user to hijack
 an existing session. This is a buffer overflow attack, so there may be a
 risk of arbitrary code execution as well.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_xrdp:
upstream_xrdp: released (0.9.1-9+deb9u4, 0.9.9-1+deb10u1, 0.9.12-1.1)
precise/esm_xrdp: DNE
trusty_xrdp: ignored (out of standard support)
trusty/esm_xrdp: needed
xenial_xrdp: ignored (end of standard support, was needed)
bionic_xrdp: needed
eoan_xrdp: ignored (reached end-of-life)
focal_xrdp: needed
groovy_xrdp: not-affected (0.9.12-1.1)
hirsute_xrdp: not-affected (0.9.12-1.1)
impish_xrdp: not-affected (0.9.12-1.1)
jammy_xrdp: not-affected (0.9.12-1.1)
devel_xrdp: not-affected (0.9.12-1.1)