oss-sec mailing list archives
CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference
From: Guido Berhoerster <guido+openwall.com () berhoerster name>
Date: Tue, 7 Jan 2014 11:47:31 +0100
Hi, an openSUSE user discovered that it is trivial to crash lightdm-gtk-greeter by entering an empty username due to a NULL pointer dereference. When a greeter crashes the lightdm daemon exits. This constitutes a local denial of service which can be triggered by any unprivileged attacker requiring the intervention of an administrator to restart lightdm. It affects all versions of lightdm-gtk-greeter. The initial downstream report is at https://bugzilla.novell.com/show_bug.cgi?id=857303, the bug has been reported upstream at https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449 and fixes for the 1.1 and 1.3 series are available at https://build.opensuse.org/package/view_file/home:gberh:branches:OBS_Maintained:lightdm-gtk-greeter/lightdm-gtk-greeter.openSUSE_12.2_Update/lightdm-gtk-greeter-handle-invalid-user.patch?expand=1 and https://build.opensuse.org/package/view_file/home:gberh:branches:OBS_Maintained:lightdm-gtk-greeter/lightdm-gtk-greeter.openSUSE_13.1_Update/lightdm-gtk-greeter-handle-invalid-user.patch?expand=1 Could a CVE be assigned to this issue please? -- Guido Berhoerster
Current thread:
- CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Guido Berhoerster (Jan 07)
- Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Yves-Alexis Perez (Jan 07)
- Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Daniel Kahn Gillmor (Jan 07)
- Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference cve-assign (Jan 07)
- Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Yves-Alexis Perez (Jan 07)
- Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference cve-assign (Jan 07)