FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-05-09 08:42:40 UTC.

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: c9ff1150-5d63-11ee-bbae-1c61b4739ac9
Description: xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions

xrdp team reports:

In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in session restrictions such as max concurrent sessions per user by PAM (ex. /etc/security/limits.conf) to be bypassed. Users (administrators) who don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.


Discovery 2023-08-30
Entry 2023-09-27
xrdp < 0.9.23

CVE-2023-40184
https://www.cve.org/CVERecord?id=CVE-2023-40184
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq