Ubuntu.com, UB:CVE-2013-2179
History: Dec 27, 2013 - 12:00 a.m.

CVE-2013-2179


CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.003 Low
Percentile: 68.9%

X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing
authentication using certain implementations of the crypt API function that
can return NULL, allows remote attackers to cause a denial of service (NULL
pointer dereference and crash) by attempting to log into an account whose
password field contains invalid characters, as demonstrated using the crypt
function from glibc 2.17 and later with (1) the “!” character in the salt
portion of a password field or (2) a password that has been encrypted using
DES or MD5 in FIPS-140 mode.
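
The failure mode described above, shown as an added example (it is not xdm's code and not part of the advisory): comparing the result of a crypt-style function without checking for NULL, next to a checked version that denies the login instead. `stub_crypt`, `verify_unchecked`, `verify_checked` and the password fields are hypothetical names and constructed values; the stub stands in for crypt(3) so the block runs without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Signature of crypt(3); a real caller would pass crypt from <crypt.h>. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in for crypt(): like glibc 2.17 and later, it returns
 * NULL when the two-character salt has a byte outside [A-Za-z0-9./].
 * The "hash" it builds (salt + key) is a toy, not a real password hash. */
char *stub_crypt(const char *key, const char *salt)
{
    static const char ok[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./";
    static char out[128];
    if (!salt[0] || !salt[1] || !strchr(ok, salt[0]) || !strchr(ok, salt[1]))
        return NULL;
    snprintf(out, sizeof out, "%c%c%s", salt[0], salt[1], key);
    return out;
}

/* Unchecked pattern: strcmp() dereferences NULL when hashing fails. */
int verify_unchecked(const char *typed, const char *stored, crypt_fn fn)
{
    return strcmp(fn(typed, stored), stored) == 0;
}

/* Checked pattern: 1 = match, 0 = mismatch, -1 = hashing failed (deny). */
int verify_checked(const char *typed, const char *stored, crypt_fn fn)
{
    char *hash = fn(typed, stored);
    if (hash == NULL)
        return -1;              /* treat as a failed login, do not crash */
    return strcmp(hash, stored) == 0;
}

int main(void)
{
    /* Constructed password fields: a valid one and one with "!" in the salt. */
    printf("valid field:  %d\n", verify_checked("secret", "absecret", stub_crypt));
    printf("locked field: %d\n", verify_checked("secret", "!bsecret", stub_crypt));
    return 0;
}
```
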

Notes

Author: mdeslaur
Note: not affected on Debian/Ubuntu because of PAM
