1049420 – (CVE-2014-0979) CVE-2014-0979 lightdm-gtk: local DoS due to NULL pointer dereference

Bug 1049420 (CVE-2014-0979) - CVE-2014-0979 lightdm-gtk: local DoS due to NULL pointer dereference

Summary: CVE-2014-0979 lightdm-gtk: local DoS due to NULL pointer dereference

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-0979
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1049422
Blocks:
TreeView+	depends on / blocked

Reported:	2014-01-07 14:53 UTC by Ratul Gupta
Modified:	2019-09-29 13:11 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2018-01-05 10:30:44 UTC
Embargoed:

Attachments	(Terms of Use)
Patch for this vulnerability. (11.86 KB, patch) 2014-01-07 15:00 UTC, Ratul Gupta	no flags	Details \| Diff
View All

Description Ratul Gupta 2014-01-07 14:53:24 UTC

lightdm-gtk was found to be affected by a vulnerability, which causes it to crash with no username entered and hitting the ENTER.

The issue seems to be a local DoS due to NULL pointer dereference, which can be triggered by any unprivileged attacker requiring the intervention of an administrator to restart lightdm. When a greeter crashes the lightdm daemon exits.

References:
http://seclists.org/oss-sec/2014/q1/30
https://bugzilla.novell.com/show_bug.cgi?id=857303

Comment 1 Ratul Gupta 2014-01-07 14:54:05 UTC

Created lightdm-gtk tracking bugs for this issue:

Affects: fedora-all [bug 1049422]

Comment 2 Ratul Gupta 2014-01-07 15:00:59 UTC

Created attachment 846727 [details]
Patch for this vulnerability.

Though this patch is for lightdm-gtk 1.3, it is reported to work on lightdm-gtk 1.6 as well.

Comment 3 Vincent Danen 2014-01-07 17:31:59 UTC

Upstream report: https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449

Comment 5 Fedora Update System 2014-02-11 23:08:31 UTC

lightdm-gtk-1.6.1-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2014-02-11 23:14:27 UTC

lightdm-gtk-1.6.1-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.