CVE-2013-4143

Sažetak

The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.

Reference

http://openwall.com/lists/oss-security/2013/07/16/8
http://openwall.com/lists/oss-security/2013/07/18/6
http://www.tux.org/~bagleyd/xlock/xlockmore.README

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

26-06-2014 - 15:46

Objavljeno

30-05-2014 - 14:55