Lucene search
RedhatCVE-2013-4143HistoryMay 30, 2014 - 2:55 p.m.
CVE-2013-4143
2014-05-3014:55:08
redhat
web.nvd.nist.gov
27
cve-2013-4143
xlockmore
screen lock bypass
invalid salts
glibc 2.17
nvd
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.2
Confidence
High
EPSS
0.001
Percentile
20.8%
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.
Affected configurations
Node
david_bagleyxlockmoreRange≤5.42
ORdavid_bagleyxlockmoreMatch5.24
ORdavid_bagleyxlockmoreMatch5.25
ORdavid_bagleyxlockmoreMatch5.26
ORdavid_bagleyxlockmoreMatch5.27
ORdavid_bagleyxlockmoreMatch5.28
ORdavid_bagleyxlockmoreMatch5.29
ORdavid_bagleyxlockmoreMatch5.30
ORdavid_bagleyxlockmoreMatch5.31
ORdavid_bagleyxlockmoreMatch5.32
ORdavid_bagleyxlockmoreMatch5.33
ORdavid_bagleyxlockmoreMatch5.34
ORdavid_bagleyxlockmoreMatch5.35
ORdavid_bagleyxlockmoreMatch5.36
ORdavid_bagleyxlockmoreMatch5.37
ORdavid_bagleyxlockmoreMatch5.38
ORdavid_bagleyxlockmoreMatch5.39
ORdavid_bagleyxlockmoreMatch5.40
ORdavid_bagleyxlockmoreMatch5.41
| Vendor | Product | Version | CPE |
|---|---|---|---|
| david_bagley | xlockmore | * | cpe:2.3:a:david_bagley:xlockmore:*:*:*:*:*:*:*:* |
| david_bagley | xlockmore | 5.24 | cpe:2.3:a:david_bagley:xlockmore:5.24:*:*:*:*:*:*:* |
| david_bagley | xlockmore | 5.25 | cpe:2.3:a:david_bagley:xlockmore:5.25:*:*:*:*:*:*:* |
| david_bagley | xlockmore | 5.26 | cpe:2.3:a:david_bagley:xlockmore:5.26:*:*:*:*:*:*:* |
| david_bagley | xlockmore | 5.27 | cpe:2.3:a:david_bagley:xlockmore:5.27:*:*:*:*:*:*:* |
| david_bagley | xlockmore | 5.28 | cpe:2.3:a:david_bagley:xlockmore:5.28:*:*:*:*:*:*:* |
| david_bagley | xlockmore | 5.29 | cpe:2.3:a:david_bagley:xlockmore:5.29:*:*:*:*:*:*:* |
| david_bagley | xlockmore | 5.30 | cpe:2.3:a:david_bagley:xlockmore:5.30:*:*:*:*:*:*:* |
| david_bagley | xlockmore | 5.31 | cpe:2.3:a:david_bagley:xlockmore:5.31:*:*:*:*:*:*:* |
| david_bagley | xlockmore | 5.32 | cpe:2.3:a:david_bagley:xlockmore:5.32:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2014-05-30 14:55:00
cvelist
cvelist
CVE-2013-4143
2014-05-30 14:00:00
openvas
openvas
Fedora Update for xlockmore FEDORA-2013-13258
2013-08-20 00:00:00
Fedora Update for xlockmore FEDORA-2013-13258
2013-08-20 00:00:00
Mageia: Security Advisory (MGASA-2013-0225)
2022-01-28 00:00:00
nessus
nessus
Fedora 19 : xlockmore-5.43-1.fc19 (2013-13258)
2013-07-31 00:00:00
GLSA-201309-03 : Xlockmore: Denial of Service
2013-09-03 00:00:00
mageia
mageia
Updated xlockmore package fixes security vulnerability
2013-07-21 13:31:57
osv
osv
xlockmore-5.45-3.8 on GA media
2024-06-15 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: xlockmore-5.43-1.fc19
2013-07-30 17:49:52
nvd
nvd
CVE-2013-4143
2014-05-30 14:55:08
gentoo
gentoo
Xlockmore: Denial of service
2013-09-02 00:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.2
Confidence
High
EPSS
0.001
Percentile
20.8%
Related for CVE-2013-4143