CVE-2017-11171

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.

Un mal conteo de referencias en el contexto de la función accept_ice_connection() en el archivo gsm-xsmp-server.c en versiones anteriores de gnome-session hasta la versión 2.29.92, permite a un atacante local establecer conexiones ICE en gnome-session con datos de autenticación no válidos (cookie magic no válida). Cada intento de autenticación fallido filtrará un descriptor de archivo en gnome-session. Cuando se agote el número máximo de descriptores de archivo en el proceso de gnome-session, entrará en un bucle infinito intentando comunicarse sin éxito, consumiendo el 100% de la CPU. La sesión gráfica asociada con el proceso de gnome-session dejará de funcionar correctamente, porque ya no es posible la comunicación con gnome-session.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-07-11 CVE Reserved
2017-07-11 CVE Published
2023-03-08 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CAPEC

References (2)

URL	Tag	Source
https://bugzilla.suse.com/show_bug.cgi?id=1025068	Issue Tracking
https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnome Search vendor "Gnome"		Gnome-session Search vendor "Gnome" for product "Gnome-session"				<= 2.29.92 Search vendor "Gnome" for product "Gnome-session" and version " <= 2.29.92"		-		Affected