[oss-security] CVE request for possible NULL ptr deref in XDM when using crypt() from glibc 2.17+

Kurt Seifried kseifried at redhat.com
Thu Jun 13 16:57:07 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/11/2013 05:47 PM, Alan Coopersmith wrote:
> It's been suggested we get a CVE id assigned for this recent fix to
> the xdm display/login manager from X.Org:
> 
> http://cgit.freedesktop.org/xorg/app/xdm/commit/?id=8d1eb5c74413e4c9a21f689fc106949b121c0117
>
> Without this fix, if xdm is built to use raw crypt()
> authentication, instead of a higher level system such as PAM or BSD
> Auth, and that crypt() function can return a NULL pointer (as glibc
> 2.17+ does for invalid input, such as when an account is locked by
> prepending a "!" to the password field), then attempting to login
> to such an account via xdm can crash the xdm daemon.
> 
> For single user console machines, this generally just means you get
> the text console login prompt instead. For machines set up to
> support multiple seats, remote XDMCP access, or X terminals (such
> as LTSP setups using xdm), this may be a denial of service for
> users on those other seats/terminals/devices.
> 


Please use CVE-2013-2179 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRulxTAAoJEBYNRVNeJnmTI9wP/1LWPFOfR+/Z/1mM77kBbt+K
WqXL20xy5rXRKSYUCDAIE2QLwK+FFwoEP8kB0SzYAp2KQ/Tnq99HWN8Xdb0lT3+A
sxQF5Dy8DCYr5ME5lvYraYxRyFOqal3mx3TGY9dGvzBGB4iOsJ24xPrPzz4uA0iv
IGnltkD1dHiHbVfIsYqrFrdXqN8q1NyRJHWV+L2mLW/iGfIIpw1W289x/8xjBd8Y
ZEfckYr8aLpq5kkf8KT3ua+C0Y99U0n7+TFcxgFPmCkgE57U4dzpFdbAV6iJ69hw
ahyB62MQT6WFtSvUqnl0VP+CclgKZyDvkxzyPkWFBFIuQqTyDOMqyzPXrF9v9C1p
idVxpEHK3w1bdWGrJswYtTqWHE+4PEjeiMYJSDIw/pnINT99z349wlK2tLixCt+z
CGEMelGZvAIgL8pvEnnKfrip0nRbjIFvJGMrdC6uLHNsQvkosMDx7zSOteq60L+d
/yZxOFGjH2+BxFJfSobAlY28E8XTUvG+8o0SEBGq82oPbbAL5KBbbEw9XGcERTT8
rQ0f8xd8Cvdw9fLaVg0FWDircqqtVNhFGwy1tAUE9NokFZlN94ljV5+F7Bhi1OHA
MuRP5doyWSD+4EsGBG1HhIKAj4spszGp/nl4PTu+aAVx0+209RUMmWCH06h2LbIj
4YqMWveDHUo7h+FXZu9z
=VM3h
-----END PGP SIGNATURE-----
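The failure path the quoted report describes, as an added example that is not part of this thread and not xdm's own code: a password check that treats a NULL return from crypt(3) as "no match" instead of dereferencing it. The check takes a crypt-compatible function pointer so it can be exercised offline; `fake_crypt` is a constructed stand-in that mimics the glibc 2.17+ behaviour on a locked account (password field starting with "!") by returning NULL with errno set to EINVAL. Nothing here links against the real libcrypt.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Signature compatible with crypt(3). On glibc 2.17+ the real function
 * returns NULL (errno = EINVAL) for invalid input such as a password
 * field locked by prepending "!" to the hash. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Hardened check. The vulnerable pattern the report describes is
 *     strcmp(do_crypt(typed, stored), stored)
 * with no NULL test, which crashes the daemon on a locked account.
 * Here NULL is an authentication failure, not a dereference. */
int password_matches(crypt_fn do_crypt, const char *typed, const char *stored)
{
    if (typed == NULL || stored == NULL || stored[0] == '\0')
        return 0;                     /* missing or empty hash: never accept */

    errno = 0;
    const char *hashed = do_crypt(typed, stored);
    if (hashed == NULL)
        return 0;                     /* locked / invalid salt: reject, do not crash */

    return strcmp(hashed, stored) == 0;
}

/* Constructed stand-in for crypt(): NOT the libc implementation. It returns
 * the stored hash itself when the typed password is "secret" (so the compare
 * succeeds), a mismatching string otherwise, and NULL + EINVAL when the
 * "salt" is a locked password field beginning with '!'. */
char *fake_crypt(const char *key, const char *salt)
{
    static char out[128];

    if (salt == NULL || salt[0] == '!') {
        errno = EINVAL;
        return NULL;
    }
    if (strcmp(key, "secret") == 0)
        snprintf(out, sizeof out, "%s", salt);
    else
        snprintf(out, sizeof out, "$1$stub$mismatch");
    return out;
}

int main(void)
{
    /* Constructed sample password-field values, not real hashes. */
    const char *active = "$1$stubsalt$stubhash";
    const char *locked = "!$1$stubsalt$stubhash";

    printf("active account, right password: %d\n",
           password_matches(fake_crypt, "secret", active));
    printf("active account, wrong password: %d\n",
           password_matches(fake_crypt, "guess", active));
    printf("locked account, right password: %d (no crash)\n",
           password_matches(fake_crypt, "secret", locked));
    return 0;
}
```

The design point is that the NULL test sits in the caller of crypt(), not in a wrapper that could be bypassed by another call site; any login path that compares hashes must make the same check. strcmp is kept here because that is the comparison the report's scenario involves; it does not change the NULL handling.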
