UBUNTU-CVE-2023-40184

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-40184

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-40184.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-40184

Related

Published

2023-08-30T18:15:00Z

Modified

2024-10-15T14:11:43Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The auth_start_session function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.

References

Affected packages

Ubuntu:Pro:14.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.0-1ubuntu0.1+esm3

Affected versions

0.*

0.6.0-1

0.6.0-1ubuntu0.1

0.6.0-1ubuntu0.1+esm1

0.6.0-1ubuntu0.1+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.0-1ubuntu0.1+esm3",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.6.0-1ubuntu0.1+esm3",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.1-2ubuntu0.3+esm3

Affected versions

0.*

0.6.1-2

0.6.1-2ubuntu0.1

0.6.1-2ubuntu0.3

0.6.1-2ubuntu0.3+esm1

0.6.1-2ubuntu0.3+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.1-2ubuntu0.3+esm3",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.6.1-2ubuntu0.3+esm3",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.5-2ubuntu0.1~esm2

Affected versions

0.*

0.9.1-9

0.9.4-1

0.9.4-2

0.9.4-3

0.9.4-4

0.9.4-5

0.9.5-1

0.9.5-1build1

0.9.5-2

0.9.5-2ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xorgxrdp"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xorgxrdp-dbgsym"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp-dbgsym"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp-pulseaudio-installer"
        }
    ]
}

Ubuntu:20.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.9-1

0.9.12-1

0.9.12-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.12-1ubuntu0.1+esm1

Affected versions

0.*

0.9.9-1

0.9.12-1

0.9.12-1ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.9.12-1ubuntu0.1+esm1",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.12-1ubuntu0.1+esm1",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.15-1ubuntu1

0.9.17-1

0.9.17-2

0.9.17-2ubuntu1

0.9.17-2ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:22.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.17-2ubuntu2+esm1

Affected versions

0.*

0.9.15-1ubuntu1

0.9.17-1

0.9.17-2

0.9.17-2ubuntu1

0.9.17-2ubuntu2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.9.17-2ubuntu2+esm1",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.17-2ubuntu2+esm1",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:24.10 / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.24-4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.9.24-4",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.24-4",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:24.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.21.1-1

0.9.24-2

0.9.24-3

0.9.24-3build1

0.9.24-3build2

0.9.24-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}