{"containers": {"cna": {"affected": [{"product": "libICE", "vendor": "Xorg", "versions": [{"status": "affected", "version": "1.0.9-8"}]}], "datePublic": "2017-02-28T00:00:00", "descriptions": [{"lang": "en", "value": "It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-331", "description": "CWE-331", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-11-23T23:07:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b"}, {"name": "GLSA-201704-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201704-03"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626"}, {"name": "RHSA-2017:1865", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1865"}, {"name": "1037919", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037919"}, {"name": "96480", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96480"}, {"tags": ["x_refsource_MISC"], "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"}, {"name": "[oss-security] 20190714 Fwd: [ANNOUNCE] libICE 1.0.10", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/07/14/3"}, {"name": "[debian-lts-announce] 20191123 [SECURITY] [DLA 2002-1] libice security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:06.904Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b"}, {"name": "GLSA-201704-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201704-03"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626"}, {"name": "RHSA-2017:1865", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1865"}, {"name": "1037919", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037919"}, {"name": "96480", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96480"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"}, {"name": "[oss-security] 20190714 Fwd: [ANNOUNCE] libICE 1.0.10", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/07/14/3"}, {"name": "[debian-lts-announce] 20191123 [SECURITY] [DLA 2002-1] libice security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2626", "datePublished": "2018-07-27T19:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T14:02:06.904Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freedesktop:libice:*:*:*:*:*:*:*:*", "matchCriteriaId": "432B67E9-224C-474E-8BEB-F0422AA2FF0F", "versionEndIncluding": "1.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list."}, {"lang": "es", "value": "Se ha descubierto que libICE en versiones anteriores a la 1.0.9-8 usaba una entrop\u00eda d\u00e9bil para generar claves. Un atacante local podr\u00eda utilizar este fallo para secuestrar sesiones utilizando la informaci\u00f3n disponible en la lista de procesos."}], "id": "CVE-2017-2626", "lastModified": "2023-02-12T23:29:20.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 2.7, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-07-27T19:29:00.377", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2019/07/14/3"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96480"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037919"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1865"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201704-03"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-331"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libdrm-0:2.4.74-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libepoxy-0:1.3.1-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libevdev-0:1.5.6-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libfontenc-0:1.1.3-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libICE-0:1.0.9-9.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libinput-0:1.6.3-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libvdpau-0:1.1.1-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libwacom-0:0.24-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libX11-0:1.6.5-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXaw-0:1.0.13-4.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libxcb-0:1.12-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXcursor-0:1.1.14-8.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXdmcp-0:1.1.2-6.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXfixes-0:5.0.3-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXfont-0:1.5.2-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXfont2-0:2.0.1-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXi-0:1.7.9-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libxkbcommon-0:0.7.1-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libxkbfile-0:1.0.9-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXpm-0:3.5.12-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXrandr-0:1.5.1-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXrender-0:0.9.10-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXt-0:1.1.5-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXtst-0:1.2.3-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXv-0:1.0.11-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXvMC-0:1.0.10-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libXxf86vm-0:1.1.4-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "mesa-0:17.0.1-6.20170307.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "mesa-private-llvm-0:3.9.1-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "vulkan-0:1.0.39.1-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xcb-proto-0:1.12-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xkeyboard-config-0:2.20-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1865", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-proto-devel-0:7.7-20.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}], "bugzilla": {"description": "libICE: weak entropy usage in session keys", "id": "1424992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424992"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.2", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-331", "details": ["It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.", "It was discovered that libICE used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list."], "name": "CVE-2017-2626", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libICE", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libICE", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2017-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-2626\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2626"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}