Candidate: CVE-2017-11171
PublicDate: 2017-07-11
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11171
https://bugzilla.suse.com/show_bug.cgi?id=1025068
https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d
Description:
Bad reference counting in the context of accept_ice_connection() in
gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92
allows a local attacker to establish ICE connections to gnome-session with
invalid authentication data (an invalid magic cookie). Each failed
authentication attempt will leak a file descriptor in gnome-session. When
the maximum number of file descriptors is exhausted in the gnome-session
process, it will enter an infinite loop trying to communicate without
success, consuming 100% of the CPU. The graphical session associated with
the gnome-session process will stop working correctly, because
communication with gnome-session is no longer possible.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_gnome-session:
upstream_gnome-session: released (2.30.0-1)
precise/esm_gnome-session: DNE
trusty_gnome-session: not-affected
vivid/ubuntu-core_gnome-session: DNE
xenial_gnome-session: not-affected
yakkety_gnome-session: not-affected
zesty_gnome-session: not-affected
devel_gnome-session: not-affected