Red Hat Bugzilla – Bug 985355
CVE-2013-4132 kde-workspace: NULL pointer dereference in KDM and KCheckPass when glibc 2.17 or FIPS-140 enabled system used
Last modified: 2016-03-04 06:53:12 EST
A NULL pointer dereference flaw was found in the way KDE Display Manager (KDM) and the KCheckPass KDE's authentication program of KDE workspace, the desktop of the KDE desktop environment, used to handle crypt() routine failures when used on system where version of the glibc package was based on upstream 2.17 version or used on FIPS-140 enabled Linux system (cases when crypt() returned NULL for cases where password salt violated specifications). A local attacker could use this flaw to cause KDM or KCheckPass denial of service.
Upstream bug report:
This issue previously affected the versions of the kde-workspace package, as shipped with Fedora release of 17, 18, and 19. But updates have been already created (in -candidate repository currently), correcting this flaw.
Not Vulnerable. This issue does not affect the version of kdebase package as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of kdebase-workspace package as shipped with Red Hat Enterprise Linux 6.