oss-sec mailing list archives

CVE request for LightDM - XDMCP denial of service

From: Yves-Alexis Perez <corsac () debian org>
Date: Sat, 21 Nov 2015 14:52:52 +0100

Hi,

it seems that some versions of LightDM (1.14 and 1.16 series) are vulnerable
to a denial of service when XDMCP server is enabled. When that's the case, an
XDMCP request with no address will crash LightDM.

More information can be found in https://bugs.launchpad.net/lightdm/+bug/15168
31 and the bug is fixed with 1.14.4 and 1.16.6 (and development release
1.17.2).

Can a CVE be assigned to this?

Thanks in advance,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

CVE request for LightDM - XDMCP denial of service Yves-Alexis Perez (Nov 21)
- Re: CVE request for LightDM - XDMCP denial of service cve-assign (Nov 22)