Vigil@nce - xlockmore: denial of service via crypt
August 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force an error in the crypt() function in order
to stop xlockmore, so a local attacker can gain access to the X
session.
Impacted products: Fedora, Unix (platform)
Severity: 2/4
Creation date: 17/07/2013
DESCRIPTION OF THE VULNERABILITY
The xlockmore program locks the screen of an X session.
The glibc crypt() function hashes a password using a (random)
salt. Since glibc version 2.17, the crypt() function returns a
NULL pointer if the salt is malformed. However, xlockmore does not
handle this case, and dereferences the NULL pointer. The process is
then stopped.
An attacker can therefore force an error in the crypt() function
in order to stop xlockmore, so a local attacker can gain access to
the X session.
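The unchecked crypt() result described above, next to a check that
fails closed, as an added example (not xlockmore's code and not part
of the bulletin). The names check_unsafe, check_safe and stub_crypt are
hypothetical; stub_crypt is a constructed stand-in that assumes
"malformed" means a two-character salt outside [a-zA-Z0-9./], so the
example runs without linking libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3), so the real function can be passed in. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in for crypt() as of glibc 2.17: returns NULL for a
 * malformed salt (assumption: characters outside [a-zA-Z0-9./]),
 * otherwise a fake "hash" made of the salt followed by the key. */
static char *stub_crypt(const char *key, const char *salt)
{
    static char out[64];
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    if (salt[0] == '\0' || salt[1] == '\0' ||
        !strchr(ok, salt[0]) || !strchr(ok, salt[1]))
        return NULL;
    snprintf(out, sizeof out, "%.2s%s", salt, key); /* not a real hash */
    return out;
}

/* Pattern the bulletin describes: the result is used without a check,
 * so a NULL return is dereferenced by strcmp() and the process dies. */
int check_unsafe(crypt_fn hash, const char *typed, const char *stored)
{
    return strcmp(hash(typed, stored), stored) == 0;
}

/* Hardened form: a NULL result counts as a failed unlock. */
int check_safe(crypt_fn hash, const char *typed, const char *stored)
{
    char *h;
    if (typed == NULL || stored == NULL)
        return 0;
    h = hash(typed, stored);
    if (h == NULL)
        return 0;               /* fail closed: the screen stays locked */
    return strcmp(h, stored) == 0;
}

int main(void)
{
    /* Constructed stored entries: valid salt "ab", malformed salt "!!". */
    printf("valid salt:     %d\n", check_safe(stub_crypt, "secret", "absecret"));
    printf("malformed salt: %d\n", check_safe(stub_crypt, "secret", "!!secret"));
    return 0;
}
```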
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/xlockmore-denial-of-service-via-crypt-13135