Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 13 Jun 2013 17:57:07 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Alan Coopersmith <alan.coopersmith@...cle.com>,
        "X.Org Security Team" <xorg-security@...ts.x.org>, mancha1@...h.com,
        "X.Org Development" <xorg-devel@...ts.x.org>
Subject: Re: CVE request for possible NULL ptr deref in XDM
 when using crypt() from glibc 2.17+

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/11/2013 05:47 PM, Alan Coopersmith wrote:
> It's been suggested we get a CVE id assigned for this recent fix to
> the xdm display/login manager from X.Org:
> 
> http://cgit.freedesktop.org/xorg/app/xdm/commit/?id=8d1eb5c74413e4c9a21f689fc106949b121c0117
>
>  Without this fix, if xdm is built to use raw crypt()
> authentication, instead of a higher level system such as PAM or BSD
> Auth, and that crypt() function can return a NULL pointer (as glibc
> 2.17+ does for invalid input, such as when an account is locked by
> prepending a "!" to the password field), then attempting to login
> to such an account via xdm can crash the xdm daemon.
> 
> For single user console machines, this generally just means you get
> the text console login prompt instead.   For machines set up to
> support multiple seats, remote XDMCP access, or X terminals (such
> as LTSP setups using xdm), this may be a denial of service for
> users on those other seats/terminals /devices.
> 


Please use CVE-2013-2179 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRulxTAAoJEBYNRVNeJnmTI9wP/1LWPFOfR+/Z/1mM77kBbt+K
WqXL20xy5rXRKSYUCDAIE2QLwK+FFwoEP8kB0SzYAp2KQ/Tnq99HWN8Xdb0lT3+A
sxQF5Dy8DCYr5ME5lvYraYxRyFOqal3mx3TGY9dGvzBGB4iOsJ24xPrPzz4uA0iv
IGnltkD1dHiHbVfIsYqrFrdXqN8q1NyRJHWV+L2mLW/iGfIIpw1W289x/8xjBd8Y
ZEfckYr8aLpq5kkf8KT3ua+C0Y99U0n7+TFcxgFPmCkgE57U4dzpFdbAV6iJ69hw
ahyB62MQT6WFtSvUqnl0VP+CclgKZyDvkxzyPkWFBFIuQqTyDOMqyzPXrF9v9C1p
idVxpEHK3w1bdWGrJswYtTqWHE+4PEjeiMYJSDIw/pnINT99z349wlK2tLixCt+z
CGEMelGZvAIgL8pvEnnKfrip0nRbjIFvJGMrdC6uLHNsQvkosMDx7zSOteq60L+d
/yZxOFGjH2+BxFJfSobAlY28E8XTUvG+8o0SEBGq82oPbbAL5KBbbEw9XGcERTT8
rQ0f8xd8Cvdw9fLaVg0FWDircqqtVNhFGwy1tAUE9NokFZlN94ljV5+F7Bhi1OHA
MuRP5doyWSD+4EsGBG1HhIKAj4spszGp/nl4PTu+aAVx0+209RUMmWCH06h2LbIj
4YqMWveDHUo7h+FXZu9z
=VM3h
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.