Vulnerabilities > CVE-2013-1430 - Credentials Management vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1847-1.NASL description This update for xrdp fixes the following issues : These security issues were fixed : CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user last seen 2020-06-01 modified 2020-06-02 plugin id 126738 published 2019-07-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126738 title SUSE SLED12 / SLES12 Security Update : xrdp (SUSE-SU-2019:1847-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1847-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(126738); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2013-1430", "CVE-2017-16927", "CVE-2017-6967"); script_name(english:"SUSE SLED12 / SLES12 Security Update : xrdp (SUSE-SU-2019:1847-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for xrdp fixes the following issues : These security issues were fixed : CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key (bsc#1015567). CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through used an untrusted integer as a write length, which could lead to a local denial of service (bsc#1069591). CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This lead to to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass (bsc#1029912). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1014524" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1015567" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1029912" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1060644" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1069591" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1090174" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1100453" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1101506" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-1430/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-16927/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-6967/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191847-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d69cce7d" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-SP4:zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1847=1 SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1847=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6967"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/16"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"4", reference:"xrdp-0.9.0~git.1456906198.f422461-21.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"xrdp-debugsource-0.9.0~git.1456906198.f422461-21.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xrdp-0.9.0~git.1456906198.f422461-21.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xrdp-debugsource-0.9.0~git.1456906198.f422461-21.9.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xrdp"); }NASL family Fedora Local Security Checks NASL id FEDORA_2017-8FFFBAE8AF.NASL description WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don last seen 2020-06-05 modified 2017-02-24 plugin id 97365 published 2017-02-24 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97365 title Fedora 25 : 1:xrdp (2017-8fffbae8af) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-8fffbae8af. # include("compat.inc"); if (description) { script_id(97365); script_version("3.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-1430"); script_xref(name:"FEDORA", value:"2017-8fffbae8af"); script_name(english:"Fedora 25 : 1:xrdp (2017-8fffbae8af)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don't already exist or are empty : - rsakeys.ini - cert.pem - key.pem Also note that in Fedora, the only backend that will really work is still Xvnc for now. New features - New xorgxrdp backend using existing Xorg with additional modules - Improvements to X11rdp backend - Support for IPv6 (disabled by default) - Initial support for RemoteFX Codec (disabled by default) - Support for TLS security layer (preferred over RDP layer if supported by the client) - Support for disabling deprecated SSLv3 protocol and for selecting custom cipher suites in xrdp.ini - Support for bidirectional fastpath (enabled in both directions by default) - Support clients that don't support drawing orders, such as MS RDP client for Android, ChromeRDP (disabled by default) - More configurable login screen - Support for new virtual channels : - rdpdr: device redirection - rdpsnd: audio output - cliprdr: clipboard - xrdpvr: xrdp video redirection channel (can be used along with NeutrinoRDP client) - Support for disabling virtual channels globally or by session type - Allow to specify the path for backends (Xorg, X11rdp, Xvnc) - Added files for systemd support - Multi-monitor support - xrdp-chansrv stroes logs in ${XDG_DATA_HOME}/xrdp now Security fixes - User's password could be recovered from the Xvnc password file - X11 authentication was not used Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8fffbae8af" ); script_set_attribute( attribute:"solution", value:"Update the affected 1:xrdp package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:xrdp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/16"); script_set_attribute(attribute:"patch_publication_date", value:"2017/02/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC25", reference:"xrdp-0.9.1-5.fc25", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:xrdp"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1860-1.NASL description This update for xrdp fixes the following issues : Security issues fixed : CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user last seen 2020-06-01 modified 2020-06-02 plugin id 126771 published 2019-07-17 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126771 title SUSE SLES12 Security Update : xrdp (SUSE-SU-2019:1860-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1860-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(126771); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2013-1430", "CVE-2017-16927", "CVE-2017-6967"); script_name(english:"SUSE SLES12 Security Update : xrdp (SUSE-SU-2019:1860-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for xrdp fixes the following issues : Security issues fixed : CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key (bsc#1015567). CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through used an untrusted integer as a write length, which could lead to a local denial of service (bsc#1069591). CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This lead to to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass (bsc#1029912). Other issues addressed: The KillDisconnected option for TigerVNC Xvnc sessions is now supported (bsc#1101506) Fixed an issue with delayed X KeyRelease events (bsc#1100453) Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524) Avoid use of hard-coded sesman port. (bsc#1060644) Backport upstream commit 5575197, sesman should stop setting LANG and let initialization scripts take care of it (bsc#1023988). Backport upstream patches for 32bpp support (bsc#1022098). Fixed a regression connecting from Windows 10. (bsc#1090174) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1014524" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1015567" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1022098" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1023988" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1029912" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1060644" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1069591" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1090174" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1100453" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1101506" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-1430/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-16927/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-6967/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191860-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?042b34d1" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE OpenStack Cloud 7:zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1860=1 SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1860=1 SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1860=1 SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-1860=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6967"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/16"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"2", reference:"xrdp-0.9.0~git.1456906198.f422461-16.9.3")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.9.3")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"xrdp-debugsource-0.9.0~git.1456906198.f422461-16.9.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xrdp"); }NASL family Fedora Local Security Checks NASL id FEDORA_2017-05E32FE278.NASL description WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don last seen 2020-06-05 modified 2017-03-03 plugin id 97500 published 2017-03-03 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97500 title Fedora 24 : 1:xrdp (2017-05e32fe278) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-05e32fe278. # include("compat.inc"); if (description) { script_id(97500); script_version("3.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-1430"); script_xref(name:"FEDORA", value:"2017-05e32fe278"); script_name(english:"Fedora 24 : 1:xrdp (2017-05e32fe278)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don't already exist or are empty : - rsakeys.ini - cert.pem - key.pem Also note that in Fedora, the only backend that will really work is still Xvnc for now. New features - New xorgxrdp backend using existing Xorg with additional modules - Improvements to X11rdp backend - Support for IPv6 (disabled by default) - Initial support for RemoteFX Codec (disabled by default) - Support for TLS security layer (preferred over RDP layer if supported by the client) - Support for disabling deprecated SSLv3 protocol and for selecting custom cipher suites in xrdp.ini - Support for bidirectional fastpath (enabled in both directions by default) - Support clients that don't support drawing orders, such as MS RDP client for Android, ChromeRDP (disabled by default) - More configurable login screen - Support for new virtual channels : - rdpdr: device redirection - rdpsnd: audio output - cliprdr: clipboard - xrdpvr: xrdp video redirection channel (can be used along with NeutrinoRDP client) - Support for disabling virtual channels globally or by session type - Allow to specify the path for backends (Xorg, X11rdp, Xvnc) - Added files for systemd support - Multi-monitor support - xrdp-chansrv stroes logs in ${XDG_DATA_HOME}/xrdp now Security fixes - User's password could be recovered from the Xvnc password file - X11 authentication was not used Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-05e32fe278" ); script_set_attribute( attribute:"solution", value:"Update the affected 1:xrdp package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:xrdp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/16"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC24", reference:"xrdp-0.9.1-5.fc24", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:xrdp"); }