The vulnerability of the ICE data exchange library X11 libICE, related to the use of a weak entropy source for key generation, allows a hacker to intercept sessions.

🗓️ 05 Feb 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

LibICE vulnerability from weak entropy for key generation enables session interception via process list data.

Reporter	Title	Published	Views	Family All 74
0day.today	X.org Privilege Escalation / Use-After-Free / Weak Entropy Vulnerabilities	2 Mar 201700:00	–	zdt
AlpineLinux	CVE-2017-2626	27 Jul 201819:00	–	alpinelinux
Tenable Nessus	CentOS 7 : libICE / libX11 / libXaw / libXcursor / libXdmcp / libXfixes / libXfont / libXfont2 / etc (CESA-2017:1865)	25 Aug 201700:00	–	nessus
Tenable Nessus	Debian DLA-2002-1 : libice security update	25 Nov 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : libXpm, libXdmcp, libICE (EulerOS-SA-2017-1211)	11 Sep 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : libXpm, libXdmcp, libICE (EulerOS-SA-2017-1212)	11 Sep 201700:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.6.0 : libICE (EulerOS-SA-2020-1992)	29 Sep 202000:00	–	nessus
Tenable Nessus	Fedora 26 : libICE (2017-7ac378e011)	17 Jul 201700:00	–	nessus
Tenable Nessus	Fedora 25 : libICE (2017-c02eb668a7)	6 Mar 201700:00	–	nessus
Tenable Nessus	Fedora 24 : libICE (2017-d068b54614)	6 Mar 201700:00	–	nessus

Vulners

Node

x.org libiceRange≤1.0.9

Source	Link
cgit	www.cgit.freedesktop.org/xorg/lib/libICE/commit/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-2626
security-tracker	www.security-tracker.debian.org/tracker/CVE-2017-2626
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 22.1

CVSS 35.5

EPSS0.00091

ice library vulnerability weak entropy key process list data session interception