Vulnerabilities > CVE-2014-0979 - Local Denial of Service vulnerability in LightDM GTK+ Greeter

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
local
low complexity
opensuse
lightdm-gtk-greeter-project
nessus

Summary

The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username. Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference"

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-1647.NASL
    descriptionFix potential denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-02-12
    plugin id72443
    published2014-02-12
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72443
    titleFedora 20 : lightdm-gtk-1.6.1-3.fc20 (2014-1647)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-1647.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72443);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-0979");
      script_bugtraq_id(64679);
      script_xref(name:"FEDORA", value:"2014-1647");
    
      script_name(english:"Fedora 20 : lightdm-gtk-1.6.1-3.fc20 (2014-1647)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix potential denial of service.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1049420"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?53d5d7c2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected lightdm-gtk package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lightdm-gtk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"lightdm-gtk-1.6.1-3.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lightdm-gtk");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-41.NASL
    description - add lightdm-gtk-greeter-handle-invalid-user.patch in order to fix a NULL pointer dereference after authentication of an invalid username has failed (bnc#857303, CVE-2014-0979) - add lightdm-gtk-greeter-invalid-last_session.patch fix segfault when last_session is an invalid session (lp#1161883) - add lightdm-gtk-greeter-fix-login.patch in order to fix login/unlock detection
    last seen2020-06-05
    modified2014-06-13
    plugin id75386
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75386
    titleopenSUSE Security Update : lightdm-gtk-greeter (openSUSE-SU-2014:0071-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-41.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75386);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0979");
      script_bugtraq_id(64679);
    
      script_name(english:"openSUSE Security Update : lightdm-gtk-greeter (openSUSE-SU-2014:0071-1)");
      script_summary(english:"Check for the openSUSE-2014-41 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - add lightdm-gtk-greeter-handle-invalid-user.patch in
        order to fix a NULL pointer dereference after
        authentication of an invalid username has failed
        (bnc#857303, CVE-2014-0979)
    
      - add lightdm-gtk-greeter-invalid-last_session.patch fix
        segfault when last_session is an invalid session
        (lp#1161883)
    
      - add lightdm-gtk-greeter-fix-login.patch in order to fix
        login/unlock detection"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=857303"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected lightdm-gtk-greeter packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-lang");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2|SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3 / 13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"lightdm-gtk-greeter-1.1.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"lightdm-gtk-greeter-branding-upstream-1.1.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"lightdm-gtk-greeter-debuginfo-1.1.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"lightdm-gtk-greeter-debugsource-1.1.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"lightdm-gtk-greeter-lang-1.1.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"lightdm-gtk-greeter-1.3.1-2.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"lightdm-gtk-greeter-branding-upstream-1.3.1-2.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"lightdm-gtk-greeter-debuginfo-1.3.1-2.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"lightdm-gtk-greeter-debugsource-1.3.1-2.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"lightdm-gtk-greeter-lang-1.3.1-2.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"lightdm-gtk-greeter-1.3.1-5.6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"lightdm-gtk-greeter-branding-upstream-1.3.1-5.6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"lightdm-gtk-greeter-debuginfo-1.3.1-5.6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"lightdm-gtk-greeter-debugsource-1.3.1-5.6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"lightdm-gtk-greeter-lang-1.3.1-5.6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lightdm-gtk-greeter / lightdm-gtk-greeter-branding-upstream / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-1648.NASL
    descriptionFix potential denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-02-12
    plugin id72444
    published2014-02-12
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72444
    titleFedora 19 : lightdm-gtk-1.6.1-3.fc19 (2014-1648)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-1648.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72444);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-0979");
      script_bugtraq_id(64679);
      script_xref(name:"FEDORA", value:"2014-1648");
    
      script_name(english:"Fedora 19 : lightdm-gtk-1.6.1-3.fc19 (2014-1648)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix potential denial of service.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1049420"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2611cd25"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected lightdm-gtk package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lightdm-gtk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"lightdm-gtk-1.6.1-3.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lightdm-gtk");
    }