Bugzilla – Bug 1029912
VUL-0: CVE-2017-6967: xrdp: 0.9.1 calls the PAM function auth_start_session() in an incorrect location
Last modified: 2022-11-30 08:33:24 UTC
CVE-2017-6967

xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6967
https://github.com/neutrinolabs/xrdp/pull/694
https://github.com/neutrinolabs/xrdp/issues/350
https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742
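
A check for the pam_limits.so bypass described above, as an added example that is not part of this bug report or of xrdp: it compares the limits configured in limits.conf with what a session process actually reports in /proc/<pid>/limits. The function names, the sample data and the simplified precedence rule are assumptions of this example.

```python
import re

# limits.conf item -> (row label in /proc/<pid>/limits, multiplier to /proc units)
ROWS = {"nofile": ("Max open files", 1), "nproc": ("Max processes", 1),
        "core": ("Max core file size", 1024)}  # core is KB in limits.conf, bytes in /proc
UNLIMITED = {"unlimited", "infinity", "-1"}

def expected_limits(conf_text, user, groups=()):
    """Resolve limits.conf for one user. Simplified precedence (an assumption here):
    a user entry beats an @group entry beats '*'; later lines win on ties."""
    best = {}  # (item, "soft" | "hard") -> (rank, value as /proc prints it)
    ranks = {"*": 0, **{"@" + g: 1 for g in groups}, user: 2}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 4 or fields[2] not in ROWS:
            continue
        domain, kind, item, value = fields
        if (domain not in ranks or kind not in ("soft", "hard", "-")
                or (value not in UNLIMITED and not value.isdigit())):
            continue
        want = "unlimited" if value in UNLIMITED else str(int(value) * ROWS[item][1])
        for k in (("soft", "hard") if kind == "-" else (kind,)):
            if ranks[domain] >= best.get((item, k), (-1, ""))[0]:
                best[(item, k)] = (ranks[domain], want)
    return {key: want for key, (_, want) in best.items()}

def actual_limits(proc_text):
    """Parse the text of /proc/<pid>/limits into {row label: (soft, hard)}."""
    found = (re.match(r"(.+?)\s{2,}(\S+)\s+(\S+)", ln) for ln in proc_text.splitlines())
    return {m.group(1): (m.group(2), m.group(3)) for m in found if m}

def missing_limits(conf_text, proc_text, user, groups=()):
    """List (item, kind, expected, actual) for each configured limit not in effect."""
    actual, gaps = actual_limits(proc_text), []
    for (item, kind), want in sorted(expected_limits(conf_text, user, groups).items()):
        got = actual.get(ROWS[item][0], ("?", "?"))[1 if kind == "hard" else 0]
        if got != want:
            gaps.append((item, kind, want, got))
    return gaps

# Constructed sample: a limits.conf and the limits of a session that skipped pam_limits.
CONF = "* soft nofile 4096\n* hard nofile 8192\n@rdp - nproc 200\nalice hard core 0\n"
def render_limits(rows):  # stands in for open(f"/proc/{pid}/limits").read()
    return "".join("%-25s %-20s %-20s %-10s\n" % r for r in rows)
BYPASSED = render_limits([("Max core file size", "0", "unlimited", "bytes"),
                          ("Max processes", "63432", "63432", "processes"),
                          ("Max open files", "1024", "4096", "files")])
if __name__ == "__main__":
    print(missing_limits(CONF, BYPASSED, "alice", groups=("rdp",)))
```

An empty list for a process inside the remote session means the configured limits are in effect for it.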
SUSE-SU-2019:1847-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1014524,1015567,1029912,1060644,1069591,1090174,1100453,1101506
CVE References: CVE-2013-1430,CVE-2017-16927,CVE-2017-6967
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src): xrdp-0.9.0~git.1456906198.f422461-21.9.1
SUSE Linux Enterprise Desktop 12-SP4 (src): xrdp-0.9.0~git.1456906198.f422461-21.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1860-1: An update that solves three vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1014524,1015567,1022098,1023988,1029912,1060644,1069591,1090174,1100453,1101506
CVE References: CVE-2013-1430,CVE-2017-16927,CVE-2017-6967
Sources used:
SUSE OpenStack Cloud 7 (src): xrdp-0.9.0~git.1456906198.f422461-16.9.3
SUSE Linux Enterprise Server for SAP 12-SP2 (src): xrdp-0.9.0~git.1456906198.f422461-16.9.3
SUSE Linux Enterprise Server 12-SP2-LTSS (src): xrdp-0.9.0~git.1456906198.f422461-16.9.3
SUSE Enterprise Storage 4 (src): xrdp-0.9.0~git.1456906198.f422461-16.9.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Hi Team. I have a SR from the customer who upgraded xrdp package from to and now xrdp-sessman is crashing with the following backtrace in the coredump:

#0 0x00007ff5ce80cfd7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#1 0x00007ff5ce80e3aa in __GI_abort () at abort.c:78
#2 0x00007ff5ce84c164 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ff5ce946088 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ff5ce8515d6 in malloc_printerr (action=3, str=0x7ff5ce946100 "double free or corruption (!prev)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5018
#4 0x00007ff5ce85241b in _int_free (av=0x7ff5ceb77640 <main_arena>, p=<optimized out>, have_lock=0) at malloc.c:3872
#5 0x0000000000408183 in auth_end (in_val=in_val@entry=34955200) at verify_user_pam.c:316
#6 0x0000000000403fb8 in scp_v0_process (c=c@entry=0x7ffde7017450, s=0x2156410) at scp_v0.c:178
#7 0x0000000000403dda in scp_process_start (sck=sck@entry=0x6) at scp.c:58
#8 0x0000000000403833 in sesman_main_loop () at sesman.c:112
#9 main (argc=<optimized out>, argv=<optimized out>) at sesman.c:380

Not sure, but it seems the issue is related to this patch. I've asked the customer to rollback the package to the original version from pool repo and now it works fine. All other packages are up to date. Do you need the coredump?
seems to be also missing SUSE:SLE-11-SP3:Update
Released, closing.