Date: Thu, 23 Nov 2017 09:54:05 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: xrdp: CVE-2017-16927: Buffer-overflow in scp_v0s_accept function in session manager

Hi

MITRE has assigned CVE-2017-16927 for a buffer-overflow flaw in the
scp_v0s_accept function in xrdp's session manager (in default
configurations running as root and listening on the loopback address,
so potentially triggerable by any local user):

https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA

Quoting the reference:

> The code in question is sesman/libscp/libscp_v0.c, around lines 228
> and 240: a 16-bit unsigned int is read from the input stream to
> represent the string length (for username and password input), and
> used without validation to index/copy from the input stream into a
> 257-byte buffer.

There is a proposed patch/pull request:

https://github.com/neutrinolabs/xrdp/pull/958

Regards,
Salvatore
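
The validation the quoted description says is missing, as an added example (not xrdp's code and not the proposed patch): a 16-bit length prefix is checked against the 257-byte destination and against the bytes actually received before anything is copied. The stream type, function names, big-endian length encoding and sample messages are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define FIELD_BUF 257   /* destination size quoted in the advisory */

/* Hypothetical minimal input stream, not xrdp's own type. */
struct in_stream { const uint8_t *p, *end; };

/* Read one length-prefixed field (username or password) into out.
 * Flawed pattern: take the 16-bit length (0..65535) from the stream and copy
 * that many bytes into a 257-byte buffer. Here the length is checked against
 * the destination and against the bytes actually received before copying.
 * Big-endian length is an assumption. Returns 0 on success, -1 on reject. */
static int read_field(struct in_stream *s, char out[FIELD_BUF])
{
    uint16_t len;

    if ((size_t)(s->end - s->p) < 2)
        return -1;                          /* truncated length prefix */
    len = (uint16_t)((s->p[0] << 8) | s->p[1]);
    s->p += 2;
    if (len > FIELD_BUF - 1)
        return -1;                          /* would overflow out[] */
    if ((size_t)(s->end - s->p) < len)
        return -1;                          /* would read past the input */
    memcpy(out, s->p, len);
    out[len] = '\0';
    s->p += len;
    return 0;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t msg_ok[]    = { 0x00, 0x05, 'a', 'l', 'i', 'c', 'e' };
static const uint8_t msg_big[]   = { 0x01, 0x01, 'x' };      /* claims 257 */
static const uint8_t msg_short[] = { 0x00, 0x04, 'a', 'b' }; /* claims 4, has 2 */
static char field[FIELD_BUF];   /* destination used by main() below */

/* Parse one message from a byte array; returns read_field()'s result. */
static int parse_one(const uint8_t *msg, size_t n, char out[FIELD_BUF])
{
    struct in_stream s = { msg, msg + n };
    return read_field(&s, out);
}

int main(void)
{
    return !(parse_one(msg_ok, sizeof msg_ok, field) == 0 &&
             parse_one(msg_big, sizeof msg_big, field) == -1 &&
             parse_one(msg_short, sizeof msg_short, field) == -1);
}
```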