CVE-2013-4143

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-4143
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://openwall.com/lists/oss-security/2013/07/16/8
http://openwall.com/lists/oss-security/2013/07/18/6
http://www.tux.org/~bagleyd/xlock/xlockmore.README Vendor Advisory
http://openwall.com/lists/oss-security/2013/07/16/8
http://openwall.com/lists/oss-security/2013/07/18/6
http://www.tux.org/~bagleyd/xlock/xlockmore.README Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:david_bagley:xlockmore:*:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.24:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.25:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.26:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.27:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.28:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.29:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.30:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.31:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.32:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.33:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.34:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.35:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.36:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.37:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.38:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.39:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.40:*:*:*:*:*:*:*
cpe:2.3:a:david_bagley:xlockmore:5.41:*:*:*:*:*:*:*
History

21 Nov 2024, 01:54

Type Values Removed Values Added
References () http://openwall.com/lists/oss-security/2013/07/16/8 - () http://openwall.com/lists/oss-security/2013/07/16/8 -
References () http://openwall.com/lists/oss-security/2013/07/18/6 - () http://openwall.com/lists/oss-security/2013/07/18/6 -
References () http://www.tux.org/~bagleyd/xlock/xlockmore.README - Vendor Advisory () http://www.tux.org/~bagleyd/xlock/xlockmore.README - Vendor Advisory
Information

Published : 2014-05-30 14:55

Updated : 2024-11-21 01:54

NVD link : CVE-2013-4143

Mitre link : CVE-2013-4143

CVE.ORG link : CVE-2013-4143

JSON object : View

Products Affected

david_bagley

  • xlockmore
CWE
NVD-CWE-Other