Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2017-2625: ELSA-2017-1865: X.org X11 libraries security, bug fix and enhancement update (MODERATE) (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Oracle Linux: CVE-2017-2625: ELSA-2017-1865: X.org X11 libraries security, bug fix and enhancement update (MODERATE) (Multiple Advisories)

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:N)

Published

02/28/2017

Created

07/25/2018

Added

08/08/2017

Modified

07/22/2024

Description

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

Solution(s)

oracle-linux-upgrade-drm-utils
oracle-linux-upgrade-libdrm
oracle-linux-upgrade-libdrm-devel
oracle-linux-upgrade-libepoxy
oracle-linux-upgrade-libepoxy-devel
oracle-linux-upgrade-libevdev
oracle-linux-upgrade-libevdev-devel
oracle-linux-upgrade-libevdev-utils
oracle-linux-upgrade-libfontenc
oracle-linux-upgrade-libfontenc-devel
oracle-linux-upgrade-libice
oracle-linux-upgrade-libice-devel
oracle-linux-upgrade-libinput
oracle-linux-upgrade-libinput-devel
oracle-linux-upgrade-libvdpau
oracle-linux-upgrade-libvdpau-devel
oracle-linux-upgrade-libvdpau-docs
oracle-linux-upgrade-libwacom
oracle-linux-upgrade-libwacom-data
oracle-linux-upgrade-libwacom-devel
oracle-linux-upgrade-libx11
oracle-linux-upgrade-libx11-common
oracle-linux-upgrade-libx11-devel
oracle-linux-upgrade-libxaw
oracle-linux-upgrade-libxaw-devel
oracle-linux-upgrade-libxcb
oracle-linux-upgrade-libxcb-devel
oracle-linux-upgrade-libxcb-doc
oracle-linux-upgrade-libxcursor
oracle-linux-upgrade-libxcursor-devel
oracle-linux-upgrade-libxdmcp
oracle-linux-upgrade-libxdmcp-devel
oracle-linux-upgrade-libxfixes
oracle-linux-upgrade-libxfixes-devel
oracle-linux-upgrade-libxfont
oracle-linux-upgrade-libxfont2
oracle-linux-upgrade-libxfont2-devel
oracle-linux-upgrade-libxfont-devel
oracle-linux-upgrade-libxi
oracle-linux-upgrade-libxi-devel
oracle-linux-upgrade-libxkbcommon
oracle-linux-upgrade-libxkbcommon-devel
oracle-linux-upgrade-libxkbcommon-x11
oracle-linux-upgrade-libxkbcommon-x11-devel
oracle-linux-upgrade-libxkbfile
oracle-linux-upgrade-libxkbfile-devel
oracle-linux-upgrade-libxpm
oracle-linux-upgrade-libxpm-devel
oracle-linux-upgrade-libxrandr
oracle-linux-upgrade-libxrandr-devel
oracle-linux-upgrade-libxrender
oracle-linux-upgrade-libxrender-devel
oracle-linux-upgrade-libxt
oracle-linux-upgrade-libxt-devel
oracle-linux-upgrade-libxtst
oracle-linux-upgrade-libxtst-devel
oracle-linux-upgrade-libxv
oracle-linux-upgrade-libxv-devel
oracle-linux-upgrade-libxvmc
oracle-linux-upgrade-libxvmc-devel
oracle-linux-upgrade-libxxf86vm
oracle-linux-upgrade-libxxf86vm-devel
oracle-linux-upgrade-mesa-dri-drivers
oracle-linux-upgrade-mesa-filesystem
oracle-linux-upgrade-mesa-libegl
oracle-linux-upgrade-mesa-libegl-devel
oracle-linux-upgrade-mesa-libgbm
oracle-linux-upgrade-mesa-libgbm-devel
oracle-linux-upgrade-mesa-libgl
oracle-linux-upgrade-mesa-libglapi
oracle-linux-upgrade-mesa-libgl-devel
oracle-linux-upgrade-mesa-libgles
oracle-linux-upgrade-mesa-libgles-devel
oracle-linux-upgrade-mesa-libosmesa
oracle-linux-upgrade-mesa-libosmesa-devel
oracle-linux-upgrade-mesa-libxatracker
oracle-linux-upgrade-mesa-libxatracker-devel
oracle-linux-upgrade-mesa-private-llvm
oracle-linux-upgrade-mesa-private-llvm-devel
oracle-linux-upgrade-mesa-vulkan-drivers
oracle-linux-upgrade-vulkan
oracle-linux-upgrade-vulkan-devel
oracle-linux-upgrade-vulkan-filesystem
oracle-linux-upgrade-xcb-proto
oracle-linux-upgrade-xkeyboard-config
oracle-linux-upgrade-xkeyboard-config-devel
oracle-linux-upgrade-xorg-x11-proto-devel

References

https://attackerkb.com/topics/cve-2017-2625
CVE - 2017-2625
ELSA-2017-1865

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2017-2625: ELSA-2017-1865: X.org X11 libraries security, bug fix and enhancement update (MODERATE) (Multiple Advisories)

Oracle Linux: CVE-2017-2625: ELSA-2017-1865: X.org X11 libraries security, bug fix and enhancement update (MODERATE) (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.