脆弱性情報
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
xrdp improperly checks bounds of domain string length, which leads to Stack-based Buffer Overflow
脆弱性説明
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system. The vulnerability allows an attacker to overwrite the stack buffer and the return address, which could theoretically be used to redirect the execution flow. The impact of this vulnerability is lessened if a compiler flag has been used to build the xrdp executable with stack canary protection. If this is the case, a second vulnerability would need to be used to leak the stack canary value. Upgrade to version 0.10.5 to receive a patch. Additionally, do not rely on stack canary protection on production systems.
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
脆弱性タイプ
栈缓冲区溢出
脆弱性タイトル
xrdp 安全漏洞
脆弱性説明
xrdp是neutrinolabs开源的一款开源远程桌面协议服务器。 xrdp v0.10.5之前版本存在安全漏洞,该漏洞源于处理用户域信息时边界检查不当,可能导致基于栈的缓冲区溢出和执行任意代码。
CVSS情報
N/A
脆弱性タイプ
N/A