Date: Fri, 19 Aug 2016 09:59:16 +1000
From: x ksi <s3810@...stk.edu.pl>
To: oss-security@...ts.openwall.com
Cc: eric.pruitt@...il.com, cve-assign@...re.org
Subject: Re: Re: CVE request - slock, all versions NULL pointer dereference

Hey,

Just for the record... http://s1m0n.dft-labs.eu/files/slock/ . Vendor
was notified about this issue on 2015-11-13.


Thanks,
F

2016-08-19 7:13 GMT+10:00  <cve-assign@...re.org>:
>
>> The screen locking application slock (http://tools.suckless.org/slock/)
>> calls crypt(3) and uses the return value for strcmp(3) without checking
>> to see if the return value of crypt(3) was a NULL pointer. If the hash
>> returned by (getspnam()->sp_pwdp) is invalid, crypt(3) will return NULL
>> and set errno to EINVAL. This will cause slock to segfault which then
>> leaves the machine unprotected. A couple of common scenarios where this
>> might happen are:
>>
>> - a machine using NSS for authentication; on the machine I discovered
>>   this bug, (getspnam()->sp_pwdp) returns "*".
>> - the user's account has been disabled for one reason or another; maybe
>>   account expiry or password expiry.
>
> Use CVE-2016-6866.
>
> - --
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
>   http://cve.mitre.org/cve/request_id.html ]
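
The failure mode described in the quoted report, as an added example that is not part of the original thread and is not slock's own code: the unchecked comparison beside a checked one that fails closed, plus a preflight test before locking. All names here (`hash_fn`, `toy_crypt`, `matches_unchecked`, `matches_checked`, `hash_is_usable`) are hypothetical, and `toy_crypt` is a constructed stand-in for crypt(3) so the block builds without libcrypt.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); injected so no libcrypt is needed here. */
typedef char *(*hash_fn)(const char *key, const char *setting);

/* Constructed stand-in for crypt(3), NOT a real hash: anything that is not
 * "toy$..." (such as "*") yields NULL and errno = EINVAL. */
char *toy_crypt(const char *key, const char *setting)
{
    static char out[128];
    if (strncmp(setting, "toy$", 4) != 0) {
        errno = EINVAL;
        return NULL;
    }
    snprintf(out, sizeof out, "toy$%s", key);
    return out;
}

/* Pattern from the report: the result goes straight into strcmp(3).
 * A NULL result is dereferenced there and the locker crashes. */
int matches_unchecked(const char *input, const char *stored, hash_fn h)
{
    return strcmp(h(input, stored), stored) == 0;
}

/* Checked form: a NULL result counts as a failed attempt, so the
 * process keeps running and the screen stays locked. */
int matches_checked(const char *input, const char *stored, hash_fn h)
{
    const char *computed = h(input, stored);
    if (computed == NULL)
        return 0;
    return strcmp(computed, stored) == 0;
}

/* Preflight before locking: refuse to start when the stored entry can
 * never be verified (e.g. "*" via NSS, or a disabled account). */
int hash_is_usable(const char *stored, hash_fn h)
{
    return stored != NULL && h("", stored) != NULL;
}

int main(void)
{
    printf("usable(\"*\")=%d checked(\"*\")=%d\n",
           hash_is_usable("*", toy_crypt), matches_checked("x", "*", toy_crypt));
    return 0;
}
```

In real code, crypt(3) itself has the `hash_fn` signature and can be passed in place of `toy_crypt`.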
