ID CVE-2013-4132
Summary KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.
References
Vulnerable Configurations
  • KDE KDE-workspace 4.10.5
    cpe:2.3:a:kde:kde-workspace:4.10.5
  • KDE Software Compilation (SC) 4.10.5
    cpe:2.3:a:kde:kde_sc:4.10.5
  • OpenSUSE 12.2
    cpe:2.3:o:opensuse:opensuse:12.2
CVSS
Base: 5.0 (as of 17-09-2013 - 10:42)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-607.NASL
    description - Added changeset_ra2bab28a.diff from upstream 4.11 branch, fixes kde#321576 - Added kdm-kcheckpass-Check-for-NULL-return-from-crypt-3-an.pat ch, (bnc#829857, CVE-2013-4132)
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75097
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75097
    title openSUSE Security Update : kdebase4-workspace (openSUSE-SU-2013:1253-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-625.NASL
    description kdebase4-workspace received fixes for : - KDM: a potential crash in crypt() was fixed (bnc#829857, CVE-2013-4132) - Fixes plasma systemtray memory leak with legacy icons (kde#314919, bnc#817932, bnc#829857, CVE-2013-4133)
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75103
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75103
    title openSUSE Security Update : kdebase4-workspace (openSUSE-SU-2013:1291-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KDE4-KDM-140630.NASL
    description This kdebase4-workspace update fixes two security issues : - NULL pointer dereference in KDM and KCheckPass. (CVE-2013-4132) - Memory leak that could lead to a denial of service. (CVE-2013-4133)
    last seen 2018-09-02
    modified 2014-07-11
    plugin id 76473
    published 2014-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76473
    title SuSE 11.3 Security Update : kdebase4-workspace (SAT Patch Number 9467)
refmap via4
confirm https://git.reviewboard.kde.org/r/111261/
mlist [oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws
suse
  • openSUSE-SU-2013:1253
  • openSUSE-SU-2013:1291
Last major update 17-09-2013 - 10:42
Published 16-09-2013 - 15:14
Last modified 30-10-2018 - 12:27
Back to Top