Date: Tue, 7 Jan 2014 21:09:54 +0100 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com Cc: LightDM Mailing List <lightdm@...ts.freedesktop.org>, Robert Ancell <robert.ancell@...il.com> Subject: Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tue, Jan 07, 2014 at 11:47:31AM +0100, Guido Berhoerster wrote: > Hi, > > an openSUSE user discovered that it is trivial to crash > lightdm-gtk-greeter by entering an empty username due to a NULL > pointer dereference. When a greeter crashes the lightdm daemon > exits. > This constitutes a local denial of service which can be triggered > by any unprivileged attacker requiring the intervention of an > administrator to restart lightdm. It affects all versions of > lightdm-gtk-greeter. I've just checked in Debian Wheezy (lightdm 1.2.2, lightdm-gtk-greeter 1.1.6), and a crashed greeter (because of that NULL username) doesn't lead to a lightdm exit. I'm not sure what was the reason for changing that (if there's a reason), but it might be a problem in itself. Regards, - -- Yves-Alexis Perez -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCgAGBQJSzF8PAAoJEG3bU/KmdcClVR8H/jRLkzUzniSxOifUSslX7a8U +fw3efTrj5OZUlVlrwskj1Lvt0v9Pd+639p41FVCFTTfWCcARw0kPo9M13+hXM5V nooy91SMDoOqZ+Ok9lpqIfpRSnQRWMt4c9H6eTSCr2TfNhw/3smMy6zpJqjMUnWU o5R3vqxsdySgYIdVG90RPQ81+jlYTThthZWN9zRE9tnnOSQK++A9/YxKnfWCr77A bS0CE9a0CAvfosMxaeHdLtNLUN0c0EDHZENX89XUd6xCy9m2UYYR0BSxEq30dAJG UrlHVy0F65jt9G8H+8EuCMQXbdWjJNOI2s+fP04n/HodZUvsO3P/0w9BtjHTAEs= =JlIY -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.