Published: 16/09/2013 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

KDE-Workspace 4.10.5 and previous versions does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kde kde sc
kde kde-workspace
opensuse opensuse 12.2

Debian Bug report logs - #717180 CVE-2013-4132: NULL pointer dereference in kcheckpass and kdm Package: kde-workspace; Maintainer for kde-workspace is Debian Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>; Source for kde-workspace is src:kde-workspace (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutil ...

KDE-Workspace 4105 and earlier does not properly handle the return value of the glibc 217 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to ...

CWE-310 http://seclists.org/oss-sec/2013/q3/120 http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html https://git.reviewboard.kde.org/r/111261/http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html http://seclists.org/oss-sec/2013/q3/117 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717180 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-4132

CVE-2013-4132

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect