List: oss-security
Subject: [oss-security] xrdp: CVE-2017-16927: Buffer-overflow in scp_v0s_accept function in session manager
From: Salvatore Bonaccorso <carnil () debian ! org>
Date: 2017-11-23 8:54:05
Message-ID: 20171123085405.GA25517 () eldamar

Hi

MITRE has assigned CVE-2017-16927 for a buffer-overflow flaw in the
scp_v0s_accept function in xrdp's session manager (in default
configurations running as root and listening on the loopback address,
so potentially triggerable by any local user):

https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA

Quoting the reference:

> The code in question is sesman/libscp/libscp_v0.c, around lines 228
> and 240: a 16-bit unsigned int is read from the input stream to
> represent the string length (for username and password input), and
> used without validation to index/copy from the input stream into a
> 257-byte buffer.

There is a proposed patch/pull request:

https://github.com/neutrinolabs/xrdp/pull/958

Regards,
Salvatore
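
The check the quoted reference says is missing, as an added illustration (not xrdp's code and not the patch in the pull request): a length-prefixed string reader that validates the 16-bit length against both the 257-byte destination and the bytes remaining in the input. The `rd` cursor, the function names, the return codes and the big-endian byte order are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_BUF 257   /* destination size named in the quoted reference */

/* Hypothetical input cursor for this example; not xrdp's struct stream. */
struct rd { const uint8_t *p; const uint8_t *end; };

/* Read a 16-bit length prefix (big-endian is an assumption). */
static int rd_u16(struct rd *s, uint16_t *v)
{
    if ((size_t)(s->end - s->p) < 2) return -1;     /* prefix truncated */
    *v = (uint16_t)((s->p[0] << 8) | s->p[1]);
    s->p += 2;
    return 0;
}

/* Copy one length-prefixed string into out[FIELD_BUF].
 * The flawed pattern omits both range checks below, so a length of up
 * to 65535 taken from the peer drives a copy into a 257-byte buffer. */
static int rd_field(struct rd *s, char out[FIELD_BUF])
{
    uint16_t len;
    if (rd_u16(s, &len) != 0) return -1;
    if (len > FIELD_BUF - 1) return -2;             /* would overflow out */
    if ((size_t)(s->end - s->p) < len) return -3;   /* would over-read input */
    memcpy(out, s->p, len);
    out[len] = '\0';                                /* room kept by the -2 check */
    s->p += len;
    return 0;
}

/* Parse username then password; 0 on success, negative on rejection. */
int parse_login(const uint8_t *msg, size_t n,
                char user[FIELD_BUF], char pass[FIELD_BUF])
{
    struct rd s = { msg, msg + n };
    int rc = rd_field(&s, user);
    return rc != 0 ? rc : rd_field(&s, pass);
}
```

Rejecting on the first bad length, rather than truncating, keeps the cursor from desynchronising on the fields that follow.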