oss-sec mailing list archives

Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference


From: Yves-Alexis Perez <corsac () debian org>
Date: Tue, 7 Jan 2014 21:09:54 +0100

On Tue, Jan 07, 2014 at 11:47:31AM +0100, Guido Berhoerster wrote:
> Hi,
>
> an openSUSE user discovered that it is trivial to crash
> lightdm-gtk-greeter by entering an empty username due to a NULL
> pointer dereference. When a greeter crashes the lightdm daemon
> exits.
> This constitutes a local denial of service which can be triggered
> by any unprivileged attacker requiring the intervention of an
> administrator to restart lightdm. It affects all versions of
> lightdm-gtk-greeter.

I've just checked in Debian Wheezy (lightdm 1.2.2, lightdm-gtk-greeter
1.1.6), and a crashed greeter (because of that NULL username) doesn't
lead to a lightdm exit.

I'm not sure what was the reason for changing that (if there's a
reason), but it might be a problem in itself.

Regards,
- -- 
Yves-Alexis Perez