{"id":"CVE-2017-6967","details":"xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.","modified":"2026-03-15T22:17:46.289339Z","published":"2017-03-17T09:59:00.413Z","related":["SUSE-SU-2019:1847-1","SUSE-SU-2019:1860-1","SUSE-SU-2020:1943-1","openSUSE-SU-2024:11526-1"],"references":[{"type":"ADVISORY","url":"https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742"},{"type":"ADVISORY","url":"https://github.com/neutrinolabs/xrdp/issues/350"},{"type":"ADVISORY","url":"https://github.com/neutrinolabs/xrdp/pull/694"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/neutrinolabs/xrdp","events":[{"introduced":"0"},{"last_affected":"93c55e58a884270850794c29bd0f4e2df22e22d6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.1"}]}}],"versions":["v0.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6967.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}