23 matches found
RHEL 6 : libxdmcp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libXdmcp: weak entropy usage for session keys CVE-2017-2625 Note that Nessus has not tested for this issue but has...
Ubuntu 16.04 ESM : libXdmcp vulnerability (USN-5690-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5690-1 advisory. It was discovered that libXdmcp was generating weak session keys. A local attacker could possibly use this issue to perform a brute force attack and obtain anothe...
Mageia: Security Advisory (MGASA-2017-0330)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:1862-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libXdmcp (EulerOS-SA-2020-2034)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libXpm, libXdmcp, libICE (EulerOS-SA-2017-1212)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-2625
CVE-2017-2625 concerns libXdmcp prior to 1.1.2, which used weak entropy to generate session keys. On multi-user systems using xdmcp, a local attacker could examine process-list information to brute-force the key and hijack other users’ sessions. The issue is limited to the key-generation path; no...
CVE-2017-2625
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...
SUSE SLED12 / SLES12 Security Update : libXdmcp (SUSE-SU-2018:0338-1)
This update for libXdmcp fixes the following issues : - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable bsc1025046 Note that Tenable Network Security has extracted the preceding description block directly from th...
SUSE-SU-2018:0338-1 Security update for libXdmcp
This update for libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable bsc1025046...
EulerOS 2.0 SP1 : libXpm, libXdmcp, libICE (EulerOS-SA-2017-1211)
According to the versions of the libXpm, libXdmcp, libICE packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash...
EulerOS 2.0 SP2 : libXpm, libXdmcp, libICE (EulerOS-SA-2017-1212)
According to the versions of the libXpm, libXdmcp, libICE packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash...
Updated libxdmcp packages fix security vulnerability
XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user CVE-2017-2625...
CentOS 7 : libICE / libX11 / libXaw / libXcursor / libXdmcp / libXfixes / libXfont / libXfont2 / etc (CESA-2017:1865)
An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links ...
Oracle Linux 7 : X.org / X11 / libraries (ELSA-2017-1865)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1865 advisory. - Use libbsd for randoms CVE-2017-2626, rhbz1427715 - Use libbsd for randoms CVE-2017-2625, rhbz1427716 - fixes CVE-2016-5407 - fixes CVE-2016-7953...
RedHat Update for X.org X11 libraries RHSA-2017:1865-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : X.org X11 libraries (RHSA-2017:1865)
An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links ...
SUSE SLED12 / SLES12 Security Update : libXdmcp (SUSE-SU-2017:1862-1)
This update for libXdmcp fixes the following issues : - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable bsc1025046 Note that Tenable Network Security has extracted the preceding description block directly from th...
SUSE SLES11 Security Update : xorg-x11-libXdmcp (SUSE-SU-2017:1868-1)
This update for xorg-x11-libXdmcp fixes the following issues : - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable bsc1025046 Note that Tenable Network Security has extracted the preceding description block directl...
openSUSE Security Update : libXdmcp (openSUSE-2017-789)
This update for libXdmcp fixes the following issues : - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable boo1025046 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...