Metric | Value |
---|---|
CVSS2 | 4.3 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
EPSS | 0.003 Low |
Percentile | 68.9% |
X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing
authentication using certain implementations of the crypt API function that
can return NULL, allows remote attackers to cause a denial of service (NULL
pointer dereference and crash) by attempting to log into an account whose
password field contains invalid characters, as demonstrated using the crypt
function from glibc 2.17 and later with (1) the “!” character in the salt
portion of a password field or (2) a password that has been encrypted using
DES or MD5 in FIPS-140 mode.
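The check whose absence produces this crash, as an added example (not xdm's code and not part of the advisory): a NULL return from crypt is treated as a failed login before any comparison. `verify_password`, `crypt_fn` and `stub_crypt` are hypothetical names, and `stub_crypt` is a constructed stand-in, not a real hash, so the block builds without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as crypt(3): returns the hashed password, or NULL on failure. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

/* Constructed stand-in (hypothetical, NOT a real hash): returns NULL when the
 * 2-character salt holds '!', the first case the advisory lists; otherwise
 * echoes the salt followed by the key. */
static char *stub_crypt(const char *key, const char *setting)
{
    static char out[128];
    if (strlen(setting) < 2 || memchr(setting, '!', 2) != NULL)
        return NULL;
    snprintf(out, sizeof out, "%.2s%s", setting, key);
    return out;
}

/* Returns 1 on match, 0 on mismatch or on any crypt failure (fail closed). */
int verify_password(crypt_fn do_crypt, const char *typed, const char *stored)
{
    char *hashed;

    if (typed == NULL || stored == NULL)
        return 0;
    hashed = do_crypt(typed, stored);
    /* Without this check, strcmp(NULL, stored) dereferences NULL and the
     * process crashes: the denial of service described above. */
    if (hashed == NULL)
        return 0;
    return strcmp(hashed, stored) == 0;
}

int main(void)
{
    /* Constructed password fields; "!abhunter2" has '!' in the salt. */
    const char *fields[] = { "abhunter2", "!abhunter2" };
    for (size_t i = 0; i < 2; i++)
        printf("%-12s -> %s\n", fields[i],
               verify_password(stub_crypt, "hunter2", fields[i]) ? "accept" : "reject");
    return 0;
}
```

With the real crypt in place of the stub, the same NULL check also covers the FIPS-140 case, since the caller only sees a NULL return either way.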
Author | Note |
---|---|
mdeslaur | not affected on Debian/Ubuntu because of PAM |