VDB
GCVE-110-MAGEIA-2017-330
GCVE-110-MAGEIA-2017-330
Advisory Published
XDM uses weak entropy to generate the session keys on non BSD systems.
On multi user systems it might possible to check the PID of the process
and how long it is running to get an estimate of these values, which
could allow an attacker to attach to the session of a different user
(CVE-2017-2625).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libxdmcp | 1.1.1-7.1.mga5 (unaffected), 0 (affected) | — |
Aliases
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.