vuln-list-alt/oval/p9/ALT-PU-2023-5781/definitions.json

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20235781",
"Version": "oval:org.altlinux.errata:def:20235781",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-5781: package `xrdp` update to version 0.9.21.1-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-5781",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-5781",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-05759",
"RefURL": "https://bdu.fstec.ru/vul/2022-05759",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07224",
"RefURL": "https://bdu.fstec.ru/vul/2022-07224",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07225",
"RefURL": "https://bdu.fstec.ru/vul/2022-07225",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07306",
"RefURL": "https://bdu.fstec.ru/vul/2022-07306",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07307",
"RefURL": "https://bdu.fstec.ru/vul/2022-07307",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07308",
"RefURL": "https://bdu.fstec.ru/vul/2022-07308",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07309",
"RefURL": "https://bdu.fstec.ru/vul/2022-07309",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07310",
"RefURL": "https://bdu.fstec.ru/vul/2022-07310",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07311",
"RefURL": "https://bdu.fstec.ru/vul/2022-07311",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07312",
"RefURL": "https://bdu.fstec.ru/vul/2022-07312",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07313",
"RefURL": "https://bdu.fstec.ru/vul/2022-07313",
"Source": "BDU"
},
{
"RefID": "CVE-2022-23468",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23468",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23477",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23477",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23478",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23478",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23479",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23479",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23480",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23480",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23481",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23481",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23482",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23482",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23483",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23483",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23484",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23484",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23493",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23493",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23613",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23613",
"Source": "CVE"
}
],
"Description": "This update upgrades xrdp to version 0.9.21.1-alt2. \nSecurity Fix(es):\n\n * BDU:2022-05759: Уязвимость сервера XRDP, связанная с целочисленной потерей значимости, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-07224: Уязвимость функции audin_send_open сервера xrdp, позволяющая нарушителю получить доступ к удалённой машине\n\n * BDU:2022-07225: Уязвимость функции xrdp_mm_trans_process_drdynvc_channel_open сервера XRDP, позволяющая нарушителю получить доступ к удалённой машине\n\n * BDU:2022-07306: Уязвимость функции devredir_proc_client_devlist_announce_req() сервера XRDP, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07307: Уязвимость функции xrdp_mm_process_rail_update_window_text() сервера XRDP, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07308: Уязвимость функции libxrdp_send_to_channel() сервера XRDP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2022-07309: Уязвимость функции xrdp_mm_chan_data_in() сервера XRDP, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07310: Уязвимость функции xrdp_mm_trans_process_drdynvc_channel_close() сервера XRDP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании\n\n * BDU:2022-07311: Уязвимость функции xrdp_sec_process_mcs_data_CS_CORE() сервера XRDP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании\n\n * BDU:2022-07312: Уязвимость функции xrdp_login_wnd_create() сервера XRDP, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07313: Уязвимость функции xrdp_caps_process_confirm_active() сервера XRDP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании\n\n * CVE-2022-23468: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp \u003c v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n * CVE-2022-23477: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp \u003c v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n * CVE-2022-23478: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp \u003c v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n * CVE-2022-23479: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp \u003c v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n * CVE-2022-23480: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp \u003c v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n * CVE-2022-23481: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp \u003c v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n * CVE-2022-23482: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp \u003c v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n * CVE-2022-23483: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp \u003c v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n * CVE-2022-23484: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp \u003c v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n * CVE-2022-23493: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp \u003c v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n * CVE-2022-23613: xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-09-25"
},
"Updated": {
"Date": "2023-09-25"
},
"BDUs": [
{
"ID": "BDU:2022-05759",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://bdu.fstec.ru/vul/2022-05759",
"Impact": "High",
"Public": "20220210"
},
{
"ID": "BDU:2022-07224",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-07224",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "BDU:2022-07225",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-07225",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "BDU:2022-07306",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-07306",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "BDU:2022-07307",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-07307",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "BDU:2022-07308",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-07308",
"Impact": "High",
"Public": "20221209"
},
{
"ID": "BDU:2022-07309",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-07309",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "BDU:2022-07310",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-07310",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "BDU:2022-07311",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-07311",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "BDU:2022-07312",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-07312",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "BDU:2022-07313",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-07313",
"Impact": "Critical",
"Public": "20221209"
}
],
"CVEs": [
{
"ID": "CVE-2022-23468",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23468",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "CVE-2022-23477",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23477",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "CVE-2022-23478",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23478",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "CVE-2022-23479",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23479",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "CVE-2022-23480",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23480",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "CVE-2022-23481",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23481",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "CVE-2022-23482",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23482",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "CVE-2022-23483",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23483",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "CVE-2022-23484",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23484",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "CVE-2022-23493",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23493",
"Impact": "Critical",
"Public": "20221209"
},
{
"ID": "CVE-2022-23613",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23613",
"Impact": "High",
"Public": "20220207"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20235781001",
"Comment": "xorg-drv-xrdp is earlier than 0:0.9.21.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20235781002",
"Comment": "xrdp is earlier than 0:0.9.21.1-alt2"
}
]
}
]
}
}
]
}