FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xrdp -- privilege escalation

Affected packages
0.9.17,1 <= xrdp <,1
0.9.17,1 <= xrdp-devel <,1


VuXML ID: fc2a9541-8893-11ec-9d01-80ee73419af3
Discovery: 2022-01-23
Entry: 2022-02-08
Modified: 2022-02-15

xrdp project reports:

An integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker who is accessible to a sesman server (listens by default on localhost when installing xrdp, but can be remote if configured otherwise) to execute code as root.


CVE Name: CVE-2022-23613