CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

CVSS v3 6.5 MEDIUM
CVSS v2.0 2.1 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/96480	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037919	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1865	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625	Issue Tracking Third Party Advisory
https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html
https://security.gentoo.org/glsa/201704-03	Third Party Advisory
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/	Exploit Third Party Advisory
http://www.securityfocus.com/bid/96480	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037919	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1865	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625	Issue Tracking Third Party Advisory
https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html
https://security.gentoo.org/glsa/201704-03	Third Party Advisory
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:x.org:libxdmcp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

21 Nov 2024, 03:23

Type	Values Removed	Values Added
CVSS	v2 : ~~2.1~~ v3 : ~~5.5~~	v2 : 2.1 v3 : 6.5
References	~~() http://www.securityfocus.com/bid/96480 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/96480 - Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1037919 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1037919 - Third Party Advisory, VDB Entry
References	~~() https://access.redhat.com/errata/RHSA-2017:1865 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2017:1865 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625 - Issue Tracking, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625 - Issue Tracking, Third Party Advisory
References	~~() https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f - Third Party Advisory~~	() https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html -~~	() https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html -
References	~~() https://security.gentoo.org/glsa/201704-03 - Third Party Advisory~~	() https://security.gentoo.org/glsa/201704-03 - Third Party Advisory
References	~~() https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/ - Exploit, Third Party Advisory~~	() https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/ - Exploit, Third Party Advisory

Information

Published : 2018-07-27 18:29

Updated : 2024-11-21 03:23

NVD link : CVE-2017-2625

Mitre link : CVE-2017-2625

CVE.ORG link : CVE-2017-2625

JSON object : View

Products Affected

redhat

enterprise_linux
enterprise_linux_desktop
enterprise_linux_server_eus
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux_server_aus

x.org

libxdmcp

CWE

CWE-331

Insufficient Entropy

CWE-320

Key Management Errors

{"id": "CVE-2017-2625", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-07-27T18:29:00.860", "references": [{"url": "http://www.securityfocus.com/bid/96480", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1037919", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1865", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html", "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201704-03", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/", "tags": ["Exploit", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/96480", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037919", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1865", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201704-03", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-331"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-320"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions."}, {"lang": "es", "value": "Se ha descubierto que libXdmcp en versiones anteriores a la 1.1.2 usaba entrop\u00eda d\u00e9bil para generar claves de sesi\u00f3n. En un sistema multiusuario que utilice xdmcp, un atacante local podr\u00eda utilizar la informaci\u00f3n disponible en la lista de procesos para usar un ataque de fuerza bruta en la clave, permiti\u00e9ndole secuestrar las sesiones de otros usuarios."}], "lastModified": "2024-11-21T03:23:51.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:x.org:libxdmcp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0896D7E-B141-40BB-A78B-7BB07F46830D", "versionEndExcluding": "1.1.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

6.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-2625

6.5^/10

2.1^/10

Attach tags to `CVE-2017-2625`