Vulnerabilities for 'X display manager'

2013-12-26
 
CVE-2013-2179

CWE-310
 

 
X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode.

 

Vendor: X (33 products)
Xfree86
X11
X.org
Xorg-server
Libx11
Libxfont
X window system
X server
X.org-xserver
X.org x11
Libxext
Libxfixes
Libxi
Libxinerama
Libxrandr
Libxrender
Libxres
Libxv
Libxvmc
Libxxf86dga
Libdmx
Libchromexvmc
Libchromexvmcpro
Libfs
Libxxf86vm
Libxt
Libxcursor
Libxp
Libxtst
Libxcb
X display manager
Libglx
Xf86-video-intel


Copyright 2024, cxsecurity.com

 
