ID CVE-2013-4143
Summary The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.
Note: per http://cwe.mitre.org/data/definitions/476.html, "CWE-476: NULL Pointer Dereference".
References
Vulnerable Configurations
  • cpe:2.3:a:david_bagley:xlockmore:5.24:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.25:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.26:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.27:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.28:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.29:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.30:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.31:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.32:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.33:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.34:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.35:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.36:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.37:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.38:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.39:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.40:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:5.41:*:*:*:*:*:*:*
  • cpe:2.3:a:david_bagley:xlockmore:*:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 26-06-2014 - 15:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm http://www.tux.org/~bagleyd/xlock/xlockmore.README
mlist
  • [oss-security] 20130716 CVE Request - xlockmore 5.43 fixes a security flaw
  • [oss-security] 20130718 Re: CVE Request - xlockmore 5.43 fixes a security flaw
Last major update 26-06-2014 - 15:46
Published 30-05-2014 - 14:55
Last modified 26-06-2014 - 15:46