Key management errors in libxdmcp (Alpine package)

Published: 2017-05-31

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2017-2625
CWE-ID	CWE-320
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	libxdmcp (Alpine package) Operating systems & Components / Operating system package or component
Vendor	Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Key management errors

EUVDB-ID: #VU32096

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-2625

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libxdmcp (Alpine package): 1.1.2-r2

CPE2.3

cpe:2.3:o:alpine:libxdmcp_alpine_package:1.1.2-r2:*:*:*:*:alpine_linux:*:3.5

External links

https://git.alpinelinux.org/aports/commit/?id=27cf05f3f054c20dc23398592e8c2d4feb79e7f2
https://git.alpinelinux.org/aports/commit/?id=7560948637780d243514c54d16631717c9e058ee
https://git.alpinelinux.org/aports/commit/?id=b83414a37ae782cd07ba66c11633c023de41f836

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.