CVE-2017-2626

Published: Jul 27, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Affected (7)

Products: Freedesktop: Libice · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freedesktop Libice	Up to 1.0.9

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References (18)

http://www.openwall.com/lists/oss-security/2019/07/14/3

Source: secalert@redhat.com

http://www.securityfocus.com/bid/96480

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037919

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1865

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b

Source: secalert@redhat.com

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201704-03

Source: secalert@redhat.com

Third Party Advisory

https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/

Source: secalert@redhat.com

MitigationThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/07/14/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/96480

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037919

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1865

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201704-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

Timeline

No history available yet.