CVE-2017-2625
published 2018-07-27
medium 5.5 CVSS 3.0
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
It was discovered that libXdmcp before 1.1.2 used weak entropy to generate session keys. On a multi-user system using XDMCP, a local attacker could potentially use information available from the process list to brute-force the key, allowing them to hijack other users' sessions.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxdmcp | < libxdmcp 1:1.1.2-2 (bookworm) | libxdmcp 1:1.1.2-2 (bookworm) |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| x.org | libxdmcp | < 1.1.2 | 1.1.2 |
| xorg | libxdmcp | — | — |
| xorg | libxdmcp | >= 0 < 1:1.1.2-2 | 1:1.1.2-2 |
| xorg | libxdmcp | >= 0 < 1:1.1.2-2 | 1:1.1.2-2 |
| xorg | libxdmcp | >= 0 < 1:1.1.2-2 | 1:1.1.2-2 |
| xorg | libxdmcp | >= 0 < 1:1.1.2-2 | 1:1.1.2-2 |
CVSS provenance
nvd v3.0 5.5 MEDIUM CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv 5.5 MEDIUM