FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1b6a10e9-4b7b-11e9-9e89-54e1ad3d6335libXdmcp -- insufficient entropy generating session keys

The freedesktop and x.org project reports:

It was discovered that libXdmcp before 1.1.3 used weak entropy to generate session keys on platforms without arc4random_buf() but with getentropy(). On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

Please note, that since FreeBSD provides arc4random_buf(), it is unknown if FreeBSD is affected by this vulnerability


Discovery 2017-04-04
Entry 2019-03-21
Modified 2019-03-22
libXdmcp
< 1.1.3

https://nvd.nist.gov/vuln/detail/CVE-2017-2625
https://lists.x.org/archives/xorg-announce/2019-March/002974.html
CVE-2017-2625