xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xrdp | Neutrinolabs | 0.9.17 (including) | 0.9.17 (including) |
| Xrdp | Neutrinolabs | 0.9.18 (including) | 0.9.18 (including) |
| Xrdp | Ubuntu | bionic | * |
| Xrdp | Ubuntu | esm-apps/bionic | * |
| Xrdp | Ubuntu | esm-apps/focal | * |
| Xrdp | Ubuntu | esm-apps/jammy | * |
| Xrdp | Ubuntu | esm-apps/xenial | * |
| Xrdp | Ubuntu | impish | * |
| Xrdp | Ubuntu | kinetic | * |
| Xrdp | Ubuntu | lunar | * |
| Xrdp | Ubuntu | mantic | * |
| Xrdp | Ubuntu | trusty | * |
| Xrdp | Ubuntu | trusty/esm | * |
| Xrdp | Ubuntu | xenial | * |