Lucene search

[email protected]NVD:CVE-2013-4143

HistoryMay 30, 2014 - 2:55 p.m.

CVE-2013-4143

2014-05-3014:55:08

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

JSON

The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.

Affected configurations

NVD

Node

david_bagleyxlockmoreRange≤5.42

david_bagleyxlockmoreMatch5.24

david_bagleyxlockmoreMatch5.25

david_bagleyxlockmoreMatch5.26

david_bagleyxlockmoreMatch5.27

david_bagleyxlockmoreMatch5.28

david_bagleyxlockmoreMatch5.29

david_bagleyxlockmoreMatch5.30

david_bagleyxlockmoreMatch5.31

david_bagleyxlockmoreMatch5.32

david_bagleyxlockmoreMatch5.33

david_bagleyxlockmoreMatch5.34

david_bagleyxlockmoreMatch5.35

david_bagleyxlockmoreMatch5.36

david_bagleyxlockmoreMatch5.37

david_bagleyxlockmoreMatch5.38

david_bagleyxlockmoreMatch5.39

david_bagleyxlockmoreMatch5.40

david_bagleyxlockmoreMatch5.41

References

openwall.com/lists/oss-security/2013/07/16/8

openwall.com/lists/oss-security/2013/07/18/6

www.tux.org/~bagleyd/xlock/xlockmore.README

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for NVD:CVE-2013-4143

prion1 openvas4 cve1 nessus2 cvelist1 fedora1 mageia1 gentoo1