Vulnerabilities > CVE-2014-0979 - Local Denial of Service vulnerability in LightDM GTK+ Greeter
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Summary
The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username. Weakness class, per http://cwe.mitre.org/data/definitions/476.html: "CWE-476: NULL Pointer Dereference".
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks
NASL id FEDORA_2014-1647.NASL
description Fix potential denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2014-02-12
plugin id 72443
published 2014-02-12
reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/72443
title Fedora 20 : lightdm-gtk-1.6.1-3.fc20 (2014-1647)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-1647.
#
# Reading guide: this is a local package-version check for CVE-2014-0979 on
# Fedora 20. It compares the host's rpm list against a fixed package build; it
# does not exercise the greeter or the vulnerable code path.
#
# NOTE(review): the fixed reference below is the distro build
# lightdm-gtk-1.6.1-3.fc20, while the CVE summary on this page gives the
# upstream fix as 1.7.1. The fix appears to be backported, so judge exposure by
# the package release, not by the upstream version number alone.

include("compat.inc");

# Registration block: declares identifiers, advisory text, scoring and
# prerequisites, then exits before any check logic runs.
if (description)
{
  script_id(72443);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  # Cross-references used to correlate this finding with other advisories.
  script_cve_id("CVE-2014-0979");
  script_bugtraq_id(64679);
  script_xref(name:"FEDORA", value:"2014-1647");

  script_name(english:"Fedora 20 : lightdm-gtk-1.6.1-3.fc20 (2014-1647)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Fix potential denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1049420"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?53d5d7c2"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected lightdm-gtk package."
  );
  # CVSS v2 base vector: local access, low complexity, no authentication,
  # availability-only (partial) impact. This matches the scoring shown at the
  # top of the page.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  # Temporal vector: exploitability not defined, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lightdm-gtk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # The KB entries read below are presumably populated by ssh_get_info.nasl
  # (not shown here). "Host/cpu" is read later but is not listed as a required key.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Every audit() below ends the run without a finding. An audit trail entry
# ("local checks not enabled", "package list missing", ...) means the host was
# not assessed, not that it is patched.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
# Extract the major release number and accept only Fedora 20.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are evaluated; other architectures are
# reported as "local checks not implemented" and stay unassessed.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
# rpm_check comes from rpm.inc (not shown); presumably it is true when the
# installed lightdm-gtk build is older than the reference build.
if (rpm_check(release:"FC20", reference:"lightdm-gtk-1.6.1-3.fc20")) flag++;


if (flag)
{
  # Report the finding; the rpm comparison details are attached only when
  # report_verbosity is above 0.
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  # No outdated build found: distinguish "package tested and not affected"
  # from "package not installed" in the audit trail.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lightdm-gtk");
}
NASL family SuSE Local Security Checks
NASL id OPENSUSE-2014-41.NASL
description
- add lightdm-gtk-greeter-handle-invalid-user.patch in order to fix a NULL pointer dereference after authentication of an invalid username has failed (bnc#857303, CVE-2014-0979)
- add lightdm-gtk-greeter-invalid-last_session.patch fix segfault when last_session is an invalid session (lp#1161883)
- add lightdm-gtk-greeter-fix-login.patch in order to fix login/unlock detection
last seen 2020-06-05
modified 2014-06-13
plugin id 75386
published 2014-06-13
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75386
title openSUSE Security Update : lightdm-gtk-greeter (openSUSE-SU-2014:0071-1)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-41.
#
# The text description of this plugin is (C) SUSE LLC.
#
# Reading guide: this is a local package-version check for the openSUSE update
# that carries the CVE-2014-0979 fix, covering openSUSE 12.2, 12.3 and 13.1. It
# compares the host's rpm list against fixed package builds; it does not
# exercise the greeter.
#
# NOTE(review): the update bundles three patches and only the first one in the
# description is tied to CVE-2014-0979. The fixed builds are 1.1.6 / 1.3.1
# packages with the patch added, while the CVE summary on this page gives the
# upstream fix as 1.7.1, so judge exposure by package release rather than by
# upstream version alone.

include("compat.inc");

# Registration block: declares identifiers, advisory text, scoring and
# prerequisites, then exits before any check logic runs.
if (description)
{
  script_id(75386);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  # Cross-references used to correlate this finding with other advisories.
  script_cve_id("CVE-2014-0979");
  script_bugtraq_id(64679);

  script_name(english:"openSUSE Security Update : lightdm-gtk-greeter (openSUSE-SU-2014:0071-1)");
  script_summary(english:"Check for the openSUSE-2014-41 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - add lightdm-gtk-greeter-handle-invalid-user.patch in order to fix a NULL pointer dereference after authentication of an invalid username has failed (bnc#857303, CVE-2014-0979) - add lightdm-gtk-greeter-invalid-last_session.patch fix segfault when last_session is an invalid session (lp#1161883) - add lightdm-gtk-greeter-fix-login.patch in order to fix login/unlock detection"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=857303"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected lightdm-gtk-greeter packages."
  );
  # CVSS v2 base vector: local access, low complexity, no authentication,
  # availability-only (partial) impact. This matches the scoring shown at the
  # top of the page.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  # Temporal vector: exploitability unproven, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-branding-upstream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-lang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  # The KB entries read below are presumably populated by ssh_get_info.nasl
  # (not shown here).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Every audit() below ends the run without a finding. An audit trail entry
# means the host was not assessed, not that it is patched.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
# SLED/SLES hosts are rejected; only the three listed openSUSE releases pass.
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2|SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3 / 13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only i586, i686 and x86_64 hosts are evaluated; other architectures stay
# unassessed.
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

# rpm_check comes from rpm.inc (not shown); presumably it is true when the
# installed build of the named package is older than the reference build.
# Any single hit raises the finding, including the -debuginfo, -debugsource and
# -lang packages, so read the rpm report to see which package triggered it.
if ( rpm_check(release:"SUSE12.2", reference:"lightdm-gtk-greeter-1.1.6-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"lightdm-gtk-greeter-branding-upstream-1.1.6-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"lightdm-gtk-greeter-debuginfo-1.1.6-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"lightdm-gtk-greeter-debugsource-1.1.6-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"lightdm-gtk-greeter-lang-1.1.6-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"lightdm-gtk-greeter-1.3.1-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"lightdm-gtk-greeter-branding-upstream-1.3.1-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"lightdm-gtk-greeter-debuginfo-1.3.1-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"lightdm-gtk-greeter-debugsource-1.3.1-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"lightdm-gtk-greeter-lang-1.3.1-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"lightdm-gtk-greeter-1.3.1-5.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"lightdm-gtk-greeter-branding-upstream-1.3.1-5.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"lightdm-gtk-greeter-debuginfo-1.3.1-5.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"lightdm-gtk-greeter-debugsource-1.3.1-5.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"lightdm-gtk-greeter-lang-1.3.1-5.6.1") ) flag++;

if (flag)
{
  # Report the finding; the rpm comparison details are attached only when
  # report_verbosity is above 0.
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  # No outdated build found: distinguish "package tested and not affected"
  # from "package not installed" in the audit trail.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lightdm-gtk-greeter / lightdm-gtk-greeter-branding-upstream / etc");
}
NASL family Fedora Local Security Checks
NASL id FEDORA_2014-1648.NASL
description Fix potential denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2014-02-12
plugin id 72444
published 2014-02-12
reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/72444
title Fedora 19 : lightdm-gtk-1.6.1-3.fc19 (2014-1648)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-1648.
#
# Reading guide: this is a local package-version check for CVE-2014-0979 on
# Fedora 19. It compares the host's rpm list against a fixed package build; it
# does not exercise the greeter or the vulnerable code path.
#
# NOTE(review): the fixed reference below is the distro build
# lightdm-gtk-1.6.1-3.fc19, while the CVE summary on this page gives the
# upstream fix as 1.7.1. The fix appears to be backported, so judge exposure by
# the package release, not by the upstream version number alone.

include("compat.inc");

# Registration block: declares identifiers, advisory text, scoring and
# prerequisites, then exits before any check logic runs.
if (description)
{
  script_id(72444);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  # Cross-references used to correlate this finding with other advisories.
  script_cve_id("CVE-2014-0979");
  script_bugtraq_id(64679);
  script_xref(name:"FEDORA", value:"2014-1648");

  script_name(english:"Fedora 19 : lightdm-gtk-1.6.1-3.fc19 (2014-1648)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Fix potential denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1049420"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2611cd25"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected lightdm-gtk package."
  );
  # CVSS v2 base vector: local access, low complexity, no authentication,
  # availability-only (partial) impact. This matches the scoring shown at the
  # top of the page.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  # Temporal vector: exploitability not defined, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lightdm-gtk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # The KB entries read below are presumably populated by ssh_get_info.nasl
  # (not shown here). "Host/cpu" is read later but is not listed as a required key.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Every audit() below ends the run without a finding. An audit trail entry
# ("local checks not enabled", "package list missing", ...) means the host was
# not assessed, not that it is patched.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
# Extract the major release number and accept only Fedora 19.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are evaluated; other architectures are
# reported as "local checks not implemented" and stay unassessed.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
# rpm_check comes from rpm.inc (not shown); presumably it is true when the
# installed lightdm-gtk build is older than the reference build.
if (rpm_check(release:"FC19", reference:"lightdm-gtk-1.6.1-3.fc19")) flag++;


if (flag)
{
  # Report the finding; the rpm comparison details are attached only when
  # report_verbosity is above 0.
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  # No outdated build found: distinguish "package tested and not affected"
  # from "package not installed" in the audit trail.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lightdm-gtk");
}
References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html
- http://secunia.com/advisories/56211
- http://secunia.com/advisories/56423
- http://www.openwall.com/lists/oss-security/2014/01/07/15
- http://www.securityfocus.com/bid/64679
- https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449
- https://bugzilla.novell.com/show_bug.cgi?id=857303