Test ID:	1.3.6.1.4.1.25623.1.1.10.2017.0330
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2017-0330)
Summary:	The remote host is missing an update for the 'libxdmcp' package(s) announced via the MGASA-2017-0330 advisory.
Description:	Summary: The remote host is missing an update for the 'libxdmcp' package(s) announced via the MGASA-2017-0330 advisory. Vulnerability Insight: XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user (CVE-2017-2625). Affected Software/OS: 'libxdmcp' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2625 1037919 http://www.securitytracker.com/id/1037919 96480 http://www.securityfocus.com/bid/96480 GLSA-201704-03 https://security.gentoo.org/glsa/201704-03 RHSA-2017:1865 https://access.redhat.com/errata/RHSA-2017:1865 [debian-lts-announce] 20191125 [SECURITY] [DLA 2006-1] libxdmcp security update https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625 https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.