CVE-2013-4143
low
CVSS v3
—
VIR risk
2.1
Description
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| david_bagley | xlockmore | {"endIncluding":"5.42"} | |
| david_bagley | xlockmore | 5.24 | |
| david_bagley | xlockmore | 5.25 | |
| david_bagley | xlockmore | 5.26 | |
| david_bagley | xlockmore | 5.27 | |
| david_bagley | xlockmore | 5.28 | |
| david_bagley | xlockmore | 5.29 | |
| david_bagley | xlockmore | 5.30 | |
| david_bagley | xlockmore | 5.31 | |
| david_bagley | xlockmore | 5.32 | |
| david_bagley | xlockmore | 5.33 | |
| david_bagley | xlockmore | 5.34 | |
| david_bagley | xlockmore | 5.35 | |
| david_bagley | xlockmore | 5.36 | |
| david_bagley | xlockmore | 5.37 | |
| david_bagley | xlockmore | 5.38 | |
| david_bagley | xlockmore | 5.39 | |
| david_bagley | xlockmore | 5.40 | |
| david_bagley | xlockmore | 5.41 | |
References
- http://openwall.com/lists/oss-security/2013/07/16/8
- http://openwall.com/lists/oss-security/2013/07/18/6
- http://www.tux.org/~bagleyd/xlock/xlockmore.README
- http://openwall.com/lists/oss-security/2013/07/16/8
- http://openwall.com/lists/oss-security/2013/07/18/6
- http://www.tux.org/~bagleyd/xlock/xlockmore.README
💬 Discuss CVE-2013-4143 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.