Vulnerabilities > CVE-2013-4143 - NULL Pointer Dereference Local Denial of Service vulnerability in xlockmore
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts. per http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference"
Vulnerable Configurations
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-03.NASL description The remote host is affected by the vulnerability described in GLSA-201309-03 (Xlockmore: Denial of Service) A Denial of Service flaw was found in the way Xlockmore performed the passing of arguments to the underlying localtime() call, when the ‘dlock’ mode was used. Impact : A local attacker could possibly cause a Denial of Service condition and potentially obtain unauthorized access to the graphical session, previously locked by another user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 69547 published 2013-09-03 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69547 title GLSA-201309-03 : Xlockmore: Denial of Service code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201309-03. # # The advisory text is Copyright (C) 2001-2014 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/2.5/ # include("compat.inc"); if (description) { script_id(69547); script_version("1.7"); script_cvs_date("Date: 2018/09/17 21:46:53"); script_cve_id("CVE-2012-4524", "CVE-2013-4143"); script_bugtraq_id(56169, 61331); script_xref(name:"GLSA", value:"201309-03"); script_name(english:"GLSA-201309-03 : Xlockmore: Denial of Service"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201309-03 (Xlockmore: Denial of Service) A Denial of Service flaw was found in the way Xlockmore performed the passing of arguments to the underlying localtime() call, when the ‘dlock’ mode was used. Impact : A local attacker could possibly cause a Denial of Service condition and potentially obtain unauthorized access to the graphical session, previously locked by another user. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"http://www.gentoo.org/security/en/glsa/glsa-201309-03.xml" ); script_set_attribute( attribute:"solution", value: "All Xlockmore users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-misc/xlockmore-5.43'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xlockmore"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"x11-misc/xlockmore", unaffected:make_list("ge 5.43"), vulnerable:make_list("lt 5.43"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xlockmore"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-13258.NASL description fixed last seen 2020-03-17 modified 2013-07-31 plugin id 69151 published 2013-07-31 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69151 title Fedora 19 : xlockmore-5.43-1.fc19 (2013-13258) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-13258. # include("compat.inc"); if (description) { script_id(69151); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-4143"); script_bugtraq_id(61331); script_xref(name:"FEDORA", value:"2013-13258"); script_name(english:"Fedora 19 : xlockmore-5.43-1.fc19 (2013-13258)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "fixed 'NULL pointer dereference leads to crash and bypass of screen lock' Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=985540" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112894.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6133c3fc" ); script_set_attribute( attribute:"solution", value:"Update the affected xlockmore package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xlockmore"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"xlockmore-5.43-1.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xlockmore"); }