VDB

GCVE-110-MAGEIA-2017-330

GCVE-110-MAGEIA-2017-330
Advisory Published
Vulnetix · Advisory published September 7, 2017
XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user (CVE-2017-2625).

Affected Products

VendorProductVersionsPlatforms
Mageialibxdmcp1.1.1-7.1.mga5 (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›