CVE-2017-2626
libICE: weak entropy usage in session keys
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
Se ha descubierto que libICE en versiones anteriores a la 1.0.9-8 usaba una entropía débil para generar claves. Un atacante local podría utilizar este fallo para secuestrar sesiones utilizando la información disponible en la lista de procesos.
It was discovered that libICE used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
X.org suffers from privilege escalation, weak entropy, and use-after-free vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2017-03-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-331: Insufficient Entropy
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2019/07/14/3 | Mailing List | |
http://www.securityfocus.com/bid/96480 | Third Party Advisory | |
http://www.securitytracker.com/id/1037919 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html | Mailing List | |
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg | Mitigation |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626 | 2023-02-12 | |
https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b | 2023-02-12 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1865 | 2023-02-12 | |
https://security.gentoo.org/glsa/201704-03 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2017-2626 | 2017-08-01 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1424992 | 2017-08-01 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Freedesktop Search vendor "Freedesktop" | Libice Search vendor "Freedesktop" for product "Libice" | <= 1.0.9 Search vendor "Freedesktop" for product "Libice" and version " <= 1.0.9" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
|