Date: Tue, 07 Jan 2014 14:50:24 -0500 From: Daniel Kahn Gillmor <dkg@...thhorseman.net> To: oss-security@...ts.openwall.com, 683338@...s.debian.org Subject: Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference [replying to http://www.openwall.com/lists/oss-security/2014/01/07/5] On 01/07/2014 05:47 AM, Guido Berhoerster wrote: > an openSUSE user discovered that it is trivial to crash > lightdm-gtk-greeter by entering an empty username due to a NULL > pointer dereference. When a greeter crashes the lightdm daemon > exits. > This constitutes a local denial of service which can be triggered > by any unprivileged attacker requiring the intervention of an > administrator to restart lightdm. It affects all versions of > lightdm-gtk-greeter. Hm, if this warrants a CVE for lightdm, then gdm3 needs one also: https://bugzilla.gnome.org/show_bug.cgi?id=704284 http://bugs.debian.org/683338 Basically, when gdm3 is configured to not show a list of users (but instead shows a blank box for the login prompt), if the user clicks "cancel" or hits the escape key, then the greeter gets put into a mode without any way to log in (no prompts available). I've tried to debug it but it appears to be due to some sort of timing-dependent case. When i step through the code with gdb, i haven't been able to reproduce the issue. It is definitely a bad situation for machines in public locations with this configuration. --dkg Download attachment "signature.asc" of type "application/pgp-signature" (1028 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.