PT-2018-7145 · X.Org+5 · Libxdmcp+5

Eric Sesterhenn · Published 2017-07-14 · Updated 2024-06-15 · CVE-2017-2625

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: libXdmcp versions prior to 1.1.2
Description: A weakness was found in the entropy used for generating session keys. On a multi-user system using XDMCP, a local attacker could potentially use information from the process list to brute-force the key, allowing them to hijack other users' sessions.
Recommendations: For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

Weakness Enumeration

Related identifiers

ALT-PU-2019-1466
CESA-2017_1865
CVE-2017-2625
DLA-2006-1
MGASA-2017-0330
OPENSUSE-SU-2024:10920-1
RHSA-2017:1865
RHSA-2017_1865
SUSE-SU-2017:1862-1
SUSE-SU-2017:1868-1
SUSE-SU-2017_1862-1
SUSE-SU-2017_1868-1
SUSE-SU-2018:0338-1
SUSE-SU-2018_0338-1
USN-5690-1

Affected products

Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
libXdmcp