oss-sec mailing list archives
Re: Re: CVE request - slock, all versions NULL pointer dereference
From: x ksi <s3810 () pjwstk edu pl>
Date: Fri, 19 Aug 2016 09:59:16 +1000
Hey,

Just for the record... http://s1m0n.dft-labs.eu/files/slock/ . Vendor was notified about this issue on 2015-11-13.

Thanks,
F

2016-08-19 7:13 GMT+10:00 <cve-assign () mitre org>:
> The screen locking application slock (http://tools.suckless.org/slock/)
> calls crypt(3) and uses the return value for strcmp(3) without checking
> to see if the return value of crypt(3) was a NULL pointer. If the hash
> returned by (getspnam()->sp_pwdp) is invalid, crypt(3) will return NULL
> and set errno to EINVAL. This will cause slock to segfault which then
> leaves the machine unprotected. A couple of common scenarios where this
> might happen are:
>
> - a machine using NSS for authentication; on the machine I discovered
>   this bug, (getspnam()->sp_pwdp) returns "*".
> - the user's account has been disabled for one reason or another; maybe
>   account expiry or password expiry.
>
> Use CVE-2016-6866.
>
> --
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
>   http://cve.mitre.org/cve/request_id.html ]
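
The missing check described in the quoted report, as an added example that is not part of the original thread or of slock's code. `verify_password` and `stub_crypt` are hypothetical names; `stub_crypt` is a constructed stand-in that mimics only the failure behaviour of crypt(3) (NULL with errno set to EINVAL) so the block runs without libcrypt.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); real callers pass crypt itself (-lcrypt). */
typedef char *(*crypt_fn)(const char *key, const char *setting);

/* Constructed stand-in, NOT a real hash: returns NULL with errno = EINVAL
 * for settings such as "*" or "!", as the report describes for crypt(3).
 * For "$id$salt$..." it returns the prefix up to the last '$' plus key. */
static char *stub_crypt(const char *key, const char *setting)
{
    static char out[128];
    const char *last = strrchr(setting, '$');
    size_t prefix = last ? (size_t)(last - setting) + 1 : 0;

    if (setting[0] != '$' || prefix + strlen(key) + 1 > sizeof out) {
        errno = EINVAL;
        return NULL;
    }
    memcpy(out, setting, prefix);
    strcpy(out + prefix, key);
    return out;
}

/* The pattern from the report is strcmp(crypt(input, stored), stored),
 * which dereferences NULL when crypt fails. This version returns
 * 1 = match, 0 = mismatch, -1 = cannot verify; only 1 may unlock. */
int verify_password(crypt_fn hash, const char *input, const char *stored)
{
    const char *computed;

    if (!hash || !input || !stored || stored[0] == '\0')
        return -1;
    computed = hash(input, stored);
    /* NULL is the failure the report describes; some crypt builds return
     * a failure token beginning with '*' instead, so reject that too. */
    if (computed == NULL || computed[0] == '*')
        return -1;
    return strcmp(computed, stored) == 0 ? 1 : 0;
}

int main(void)
{
    printf("valid hash, right password: %d\n",
           verify_password(stub_crypt, "hunter2", "$t$salt$hunter2"));
    printf("locked account hash \"*\":   %d\n",
           verify_password(stub_crypt, "hunter2", "*"));
    return 0;
}
```

A screen locker calling this must stay locked on both 0 and -1, so a disabled or NSS-backed account degrades to "cannot unlock" rather than to a crash that drops the lock.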
Current thread:
- CVE request - slock, all versions NULL pointer dereference Eric Pruitt (Aug 18)
- Re: CVE request - slock, all versions NULL pointer dereference cve-assign (Aug 18)
- Re: Re: CVE request - slock, all versions NULL pointer dereference x ksi (Aug 19)