Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference

[Yves-Alexis Perez <corsac () debian org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Tue, Jan 07, 2014 at 11:47:31AM +0100, Guido Berhoerster wrote:
> Hi,
>
> an openSUSE user discovered that it is trivial to crash
> lightdm-gtk-greeter by entering an empty username due to a NULL
> pointer dereference. When a greeter crashes the lightdm daemon
> exits.
> This constitutes a local denial of service which can be triggered
> by any unprivileged attacker requiring the intervention of an
> administrator to restart lightdm. It affects all versions of
> lightdm-gtk-greeter.
>
> The initial downstream report is at
> https://bugzilla.novell.com/show_bug.cgi?id=857303, the bug has
> been reported upstream at
> https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449 and
> fixes for the 1.1 and 1.3 series are available at
> https://build.opensuse.org/package/view_file/home:gberh:branches:OBS_Maintained:lightdm-gtk-greeter/lightdm-gtk-greeter.openSUSE_12.2_Update/lightdm-gtk-greeter-handle-invalid-user.patch?expand=1
> and
> https://build.opensuse.org/package/view_file/home:gberh:branches:OBS_Maintained:lightdm-gtk-greeter/lightdm-gtk-greeter.openSUSE_13.1_Update/lightdm-gtk-greeter-handle-invalid-user.patch?expand=1
>
> Could a CVE be assigned to this issue please?

I can confirm the bug on Debian (lightdm-gtk-greeter 1.6.1-4 and
1.7.0-1) as well as that the patch above seems to correctly fix it.

Regards,
- -- 
Yves-Alexis Perez
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBCgAGBQJSzAOiAAoJEG3bU/KmdcClIVcH/iiWbn87U8CSi7Lpkw3qT/X5
eNgtg9uPflrkPUjmCq2GcagCZHWB8voKOGTZUaSQ9gE1vS/AsjcqZFt7vc+YYoEZ
+IgR2jbJj/6qlFxB78kKKvscsxX0W5iwmRiTjwLwnCb6rt5AmnHm6Qp7KhEXM5mA
DgHr+1zDzuQwQoGicDq+pU9yDxWrvXn/d0y1WbpYliqkh+Ao2jtl3CrboLsJaU/e
scuxy0QDBaOWZAbgdUTWjhnERzTd9ZxC68IcsnXb3gdHw77TYzDOf8Muu9H0OV95
L4ClypusfRdsNR71hiG8c5+YxVxBiJayd4iDK7AXcmwZhWTpvxMK6ef78SjPXjs=
=gy2y
-----END PGP SIGNATURE-----