- Description
- KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
- nvd@nist.gov
- CWE-310
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kde:kde-workspace:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0569889F-8059-4319-A20A-FD7A3809EE1E",
"versionEndIncluding": "4.10.5"
},
{
"criteria": "cpe:2.3:a:kde:kde_sc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D88BC24E-31F5-435C-9F07-AAAAF755AA19",
"versionEndIncluding": "4.10.5"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"
}
],
"operator": "OR"
}
]
}
]