Bug 2236306 (CVE-2023-40184) - CVE-2023-40184 xrdp: restriction bypass via improper session handling
Summary: CVE-2023-40184 xrdp: restriction bypass via improper session handling
Keywords:
Status: NEW
Alias: CVE-2023-40184
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2236307 2236308
Blocks:
Reported: 2023-08-30 21:18 UTC by Chess Hazlett
Modified: 2023-08-30 21:19 UTC

Fixed In Version: xrdp 0.9.23
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Chess Hazlett 2023-08-30 21:18:49 UTC
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23, improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return a non-zero (1) value on, e.g., a PAM error, which may result in session restrictions such as max concurrent sessions per user by PAM (e.g. /etc/security/limits.conf) being bypassed. Users (administrators) who don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.

https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq
https://github.com/neutrinolabs/xrdp/commit/a111a0fdfe2421ef600e40708b5f0168594cfb23
https://github.com/neutrinolabs/xrdp/blame/9bbb2ec68f390504c32f2062847aa3d821a0089a/sesman/sesexec/session.c#L571C5-L571C19
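
The failure mode described in the report, as an added illustration that is not xrdp's code and not the patch linked above: a PAM-backed session limit (pam_limits "maxlogins", configured in /etc/security/limits.conf) is only effective if the caller of `auth_start_session` stops when that function reports an error. The mock PAM layer, the user record, the limit value of 2 and the function names other than `auth_start_session` are all constructed assumptions for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limits.conf entry for the example user: "alice  -  maxlogins  2" */
#define MAX_LOGINS 2

/* Constructed per-user state; in real life pam_limits counts utmp entries. */
struct user_state
{
    char name[32];
    int pam_sessions;   /* sessions the mock PAM layer has admitted */
    int spawned;        /* desktops the mock server actually started */
};

/* Mock of pam_open_session(): 0 on success, non-zero on error, which is
 * what pam_limits produces once maxlogins is reached. */
static int mock_pam_open_session(struct user_state *u)
{
    if (u->pam_sessions >= MAX_LOGINS)
    {
        return 1;       /* refused: limit reached */
    }
    u->pam_sessions++;
    return 0;
}

/* Model of auth_start_session(): propagates the PAM result, 0 means OK. */
static int auth_start_session(struct user_state *u)
{
    return mock_pam_open_session(u);
}

/* Vulnerable pattern: the error result is computed but not acted on, so
 * the desktop is spawned even when PAM said no. */
static void start_session_vulnerable(struct user_state *u)
{
    (void)auth_start_session(u);
    u->spawned++;
}

/* Fixed pattern: a non-zero result ends the attempt before anything runs. */
static int start_session_fixed(struct user_state *u)
{
    if (auth_start_session(u) != 0)
    {
        return 1;       /* refused */
    }
    u->spawned++;
    return 0;
}

/* Attempt `attempts` logins for `name` against a fresh user record and
 * return how many desktops ended up running. */
int spawned_after_attempts(const char *name, int attempts, int use_fix)
{
    struct user_state u;
    memset(&u, 0, sizeof(u));
    snprintf(u.name, sizeof(u.name), "%s", name);

    for (int i = 0; i < attempts; i++)
    {
        if (use_fix)
        {
            start_session_fixed(&u);
        }
        else
        {
            start_session_vulnerable(&u);
        }
    }
    return u.spawned;
}

int main(void)
{
    printf("vulnerable: %d desktops after 3 attempts (maxlogins %d)\n",
           spawned_after_attempts("alice", 3, 0), MAX_LOGINS);
    printf("fixed:      %d desktops after 3 attempts (maxlogins %d)\n",
           spawned_after_attempts("alice", 3, 1), MAX_LOGINS);
    return 0;
}
```

The practical check this suggests: with a maxlogins entry in limits.conf and pam_limits.so in the xrdp-sesman session stack, a third concurrent RDP login for the same user must be rejected; on a build prior to 0.9.23 it is not, which is the bypass.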

Comment 1 Chess Hazlett 2023-08-30 21:19:05 UTC
Created xrdp tracking bugs for this issue:

Affects: epel-all [bug 2236308]
Affects: fedora-all [bug 2236307]

