Date: Thu, 23 Nov 2017 09:54:05 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: xrdp: CVE-2017-16927: Buffer-overflow in scp_v0s_accept function in session manager Hi MITRE has assigned CVE-2017-16927 for a buffer-overflow flaw in the scp_v0s_accept function in xrdp's session manager (in default configurations running as root and listening on the loopback address, so potentially triggerable by any local user): https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA Quoting the reference: > The code in question is sesman/libscp/libscp_v0.c, around lines 228 > and 240: a 16-bit unsigned int is read from the input stream to > represent the string length (for username and password input), and > used without validation to index/copy from the input stream into a > 257-byte buffer. There is a proposed patch/pull request: https://github.com/neutrinolabs/xrdp/pull/958 Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.