The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0387-1 advisory.

  - xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote     Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function.
    There are no known workarounds for this issue. Users are advised to upgrade. (CVE-2022-23468)

  - xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote     Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function.
    There are no known workarounds for this issue. Users are advised to upgrade. (CVE-2022-23479)

  - xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote     Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in     devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users     are advised to upgrade. (CVE-2022-23480)

  - xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote     Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active()     function. There are no known workarounds for this issue. Users are advised to upgrade. (CVE-2022-23481)

  - xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote     Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE()     function. There are no known workarounds for this issue. Users are advised to upgrade. (CVE-2022-23482)

  - xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote     Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function.
    There are no known workarounds for this issue. Users are advised to upgrade. (CVE-2022-23483)

  - xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote     Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in     xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users     are advised to upgrade. (CVE-2022-23484)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES12 Security Update : xrdp (SUSE-SU-2023:0387-1)

critical Nessus Plugin ID 171494

Version 1.3