Main Vulnerability Database SB2023010229

SB2023010229 - SUSE update for xrdp

Published: January 2, 2023

Security Bulletin ID SB2023010229

Severity

High

Patch available

YES

Number of vulnerabilities 7

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2022-23468)

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists due to a boundary error in xrdp_login_wnd_create() function. A remote attacker can trigger memory corruption and compromise the target system.

2) Buffer overflow (CVE-ID: CVE-2022-23479)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in xrdp_mm_chan_data_in() function. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Buffer overflow (CVE-ID: CVE-2022-23480)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in devredir_proc_client_devlist_announce_req() function. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

4) Out-of-bounds read (CVE-ID: CVE-2022-23481)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in xrdp_caps_process_confirm_active() function. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

5) Out-of-bounds read (CVE-ID: CVE-2022-23482)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in xrdp_sec_process_mcs_data_CS_CORE() function. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

6) Out-of-bounds read (CVE-ID: CVE-2022-23483)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in libxrdp_send_to_channel() function. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

7) Integer overflow (CVE-ID: CVE-2022-23484)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to integer overflow in xrdp_mm_process_rail_update_window_text() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20230012-1/

Vulnerable Software

SUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-LTSS
xrdp-devel: before 0.9.6-150000.4.11.1
xrdp-debugsource: before 0.9.6-150000.4.11.1
xrdp-debuginfo: before 0.9.6-150000.4.11.1
xrdp: before 0.9.6-150000.4.11.1
librfxencode0-debuginfo: before 0.9.6-150000.4.11.1
librfxencode0: before 0.9.6-150000.4.11.1
libpainter0-debuginfo: before 0.9.6-150000.4.11.1
libpainter0: before 0.9.6-150000.4.11.1