Yves-Alexis Perez
2014-Jan-07 20:09 UTC
[LightDM] [oss-security] CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tue, Jan 07, 2014 at 11:47:31AM +0100, Guido Berhoerster wrote:> Hi, > > an openSUSE user discovered that it is trivial to crash > lightdm-gtk-greeter by entering an empty username due to a NULL > pointer dereference. When a greeter crashes the lightdm daemon > exits. > This constitutes a local denial of service which can be triggered > by any unprivileged attacker requiring the intervention of an > administrator to restart lightdm. It affects all versions of > lightdm-gtk-greeter.I've just checked in Debian Wheezy (lightdm 1.2.2, lightdm-gtk-greeter 1.1.6), and a crashed greeter (because of that NULL username) doesn't lead to a lightdm exit. I'm not sure what was the reason for changing that (if there's a reason), but it might be a problem in itself. Regards, - -- Yves-Alexis Perez -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCgAGBQJSzF8PAAoJEG3bU/KmdcClVR8H/jRLkzUzniSxOifUSslX7a8U +fw3efTrj5OZUlVlrwskj1Lvt0v9Pd+639p41FVCFTTfWCcARw0kPo9M13+hXM5V nooy91SMDoOqZ+Ok9lpqIfpRSnQRWMt4c9H6eTSCr2TfNhw/3smMy6zpJqjMUnWU o5R3vqxsdySgYIdVG90RPQ81+jlYTThthZWN9zRE9tnnOSQK++A9/YxKnfWCr77A bS0CE9a0CAvfosMxaeHdLtNLUN0c0EDHZENX89XUd6xCy9m2UYYR0BSxEq30dAJG UrlHVy0F65jt9G8H+8EuCMQXbdWjJNOI2s+fP04n/HodZUvsO3P/0w9BtjHTAEs=JlIY -----END PGP SIGNATURE-----