Lucene search

[email protected]CVE-2014-0979

HistoryJan 23, 2014 - 1:55 a.m.

CVE-2014-0979

2014-01-2301:55:04

[email protected]

web.nvd.nist.gov

cve-2014-0979

lightdm

gtk+ greeter

denial of service

security vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.

Affected configurations

NVD

Node

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterRange≤1.7.0

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.1.1

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.1.2

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.1.3

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.1.4

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.1.5

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.1.6

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.3.0

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.3.1

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.5.0

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.5.1

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.5.2

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.6.0

lightdm_gtk\+_greeter_projectlightdm_gtk\+_greeterMatch1.6.1

CPENameOperatorVersion
opensuse:opensuseopensuseeq12.2
opensuse:opensuseopensuseeq12.3
opensuse:opensuseopensuseeq13.1

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	12.2
opensuse:opensuse	opensuse	eq	12.3
opensuse:opensuse	opensuse	eq	13.1

References

lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html

lists.opensuse.org/opensuse-updates/2014-01/msg00048.html

secunia.com/advisories/56211

secunia.com/advisories/56423

www.openwall.com/lists/oss-security/2014/01/07/15

www.securityfocus.com/bid/64679

bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449

bugzilla.novell.com/show_bug.cgi?id=857303

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-0979

nessus3 openvas5 ubuntucve1 cvelist1 debiancve1 prion1 mageia1 fedora2 nvd1