FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xrdp -- local user can cause a denial of service

Affected packages
xrdp-devel <= 0.9.3,1
0.9.3_1,1 < xrdp-devel <= 0.9.4,1

Details

VuXML ID a66f9be2-d519-11e7-9866-c85b763a2f96
Discovery 2017-11-23
Entry 2017-11-29

xrdp reports:

The scp_v0s_accept function in the session manager uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.

[source]

References

CVE Name CVE-2017-16927

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.