CVE-2017-2626

Insufficient Entropy

Published: Jul 27, 2018 | Modified: Feb 12, 2023
CVSS 3.x: 5.5 MEDIUM (Source: NVD), CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x: 2.1 LOW, AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2:
RedHat/V3: 5.2 LOW, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
Ubuntu: LOW

It was discovered that libICE before 1.0.9-8 used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Weakness

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Affected Software

Name | Vendor | Start Version | End Version
Libice | Freedesktop | * | 1.0.9 (including)
Red Hat Enterprise Linux 7 | RedHat | libdrm-0:2.4.74-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libepoxy-0:1.3.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libevdev-0:1.5.6-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libfontenc-0:1.1.3-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libICE-0:1.0.9-9.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libinput-0:1.6.3-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libvdpau-0:1.1.1-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libwacom-0:0.24-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libX11-0:1.6.5-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXaw-0:1.0.13-4.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libxcb-0:1.12-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXcursor-0:1.1.14-8.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXdmcp-0:1.1.2-6.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXfixes-0:5.0.3-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXfont-0:1.5.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXfont2-0:2.0.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXi-0:1.7.9-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libxkbcommon-0:0.7.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libxkbfile-0:1.0.9-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXpm-0:3.5.12-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXrandr-0:1.5.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXrender-0:0.9.10-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXt-0:1.1.5-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXtst-0:1.2.3-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXv-0:1.0.11-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXvMC-0:1.0.10-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libXxf86vm-0:1.1.4-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | mesa-0:17.0.1-6.20170307.el7 | *
Red Hat Enterprise Linux 7 | RedHat | mesa-private-llvm-0:3.9.1-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | vulkan-0:1.0.39.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | xcb-proto-0:1.12-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | xkeyboard-config-0:2.20-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | xorg-x11-proto-devel-0:7.7-20.el7 | *
Libice | Ubuntu | bionic | *
Libice | Ubuntu | esm-infra/xenial | *
Libice | Ubuntu | precise | *
Libice | Ubuntu | trusty | *
Libice | Ubuntu | upstream | *
Libice | Ubuntu | vivid/stable-phone-overlay | *
Libice | Ubuntu | xenial | *
Libice | Ubuntu | yakkety | *
Libice | Ubuntu | zesty | *
